...
Info |
---|
If you are creating three new policies, prepending them with the same string will allow for easier retrieval when creating the role and assigning policies |
Allow read of cost and usage data
Navigate to the IAM console and create a new policy with the json described permissions below
Code Block |
---|
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": "ce:GetCostAndUsage", "Resource": "*" } ] } |
Allow Read of created secret
Find the secret name in the script output and replace {SecretNameHere} with the secret name and {AWS account ID} with your account id
...
Code Block |
---|
{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": "secretsmanager:GetSecretValue", "Resource": "arn:aws:secretsmanager:*:{AWS Account ID}:secret:{SecretNameHere}*" } ] } |
Allow management of DynamoDB and Simple Queue Service
Create the third policy:
Info |
---|
You will need your aws account ID |
...