Configuring an AWS IAM account with privileges to access S3

The owner of the consolidated AWS billing account must configure an AWS Identity and Access Management (IAM) account with privileges to access billing reports from AWS S3. Use IAM for creating access keys and user groups to provide more flexibility with access policy management that affects both individual IAM user accounts and their associated access keys. Policies can be applied to user groups to provide required access permissions for specific actions to specific S3 buckets.

When configuring the Amazon Web Services - Cost and Usage Extractor, if you already have IAM accounts that match your security requirements, you need not create new IAM users.

To conform with Amazon's best practices, use access keys that are associated with an IAM account, regardless of whether they have to create it or not.

Related topics

Amazon Web Services - Cost and Usage Extractor

To configure an AWS IAM account with privileges to access S3

The capacity planner/purchase manager can then use the access key and secret key for the account to configure the AWS Cost and Usage extractor.

  1. In the Add user page under Set user details, click Add another user, and then specify a user name for the new IAM account.
    create_iam_user_aws_s3.png

  2. Under Select AWS access type, select  Programmatic access.
  3. Create a new IAM user group, say S3Guests.
    create_iam_usergroup_aws_s3.png

  4. Associate appropriate S3 access policy with the group.
    set_iam_perms_aws_s3.png

  5. Include the newly created user in the user group .
  6. Create a new access key for the new user.

 

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*