AWS Usage Report Access - IAM Policy Statement

Granting Access to AWS Usage Report Page

Prev Question Next Question

Question

The CFO of a company wants to allow one of his employees to view the AWS usage report page.

Which of the below mentioned IAM policy statements allows the user to have access to the AWS usage report page?

Answers

A. “Effect”: “Allow”, “Action”: [“Describe”],“Resource”: “Billing”

B. “Effect”:“Allow”, “Action”: [“AccountUsage], “Resource”: “*”

C. “Effect”:“Allow”, “Action”: [“aws-portal:ViewUsage”,” aws-portal:ViewBilling”],“Resource”: “*”

D. “Effect”:“Allow”, “Action”: [“aws-portal: ViewBilling”], “Resource”: “*”

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Answer: C.

Option A is incorrect because to allow employees to view the AWS usage report page, IAM policy requires the aws-portal:ViewUsage and aws-portal:ViewBilling actions instead of the Describe action.

Option B is incorrect because to allow employees to view the AWS usage report page, IAM policy requires the aws-portal:ViewUsage and aws-portal:ViewBilling actions instead of the AccountUsage action.

Option C is CORRECT because to allow employees to view the AWS usage report page, IAM policy requires the aws-portal:ViewUsage and aws-portal:ViewBilling action.

Option D is incorrect because to allow employees to view the AWS usage report page, IAM policy requires the aws-portal:ViewUsage and aws-portal:ViewBilling actions instead of the aws-portal action.

For information, kindly refer to the following URL:

https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/billing-example-policies.html#example-billing-view-reports

Example 2: Allow IAM users to access the Reports console page

To allow an IAM user to access the Reports console page and to view the usage reports that contain account
activity information, you would use a policy similar to this example policy.

f
nyersion
"Statement":

012-10-17",

'aws-portal: ViewBilling"

Ie
"Resource"

Out of the four IAM policy statements mentioned, only one of them allows a user to access the AWS usage report page. Let's examine each statement in detail to determine the correct answer.

A. “Effect”: “Allow”, “Action”: [“Describe”],“Resource”: “Billing” This statement grants permission to describe the billing details of an AWS account. However, it does not allow access to the usage report page. Therefore, this is not the correct answer.

B. “Effect”:“Allow”, “Action”: [“AccountUsage], “Resource”: “*” This statement allows a user to access the account usage details of an AWS account. However, it does not provide access to the AWS usage report page. Therefore, this is not the correct answer.

C. “Effect”:“Allow”, “Action”: [“aws-portal:ViewUsage”,” aws-portal:ViewBilling”],“Resource”: “*” This statement grants access to both the AWS usage report page and the billing page. It uses the AWS-portal namespace to define the actions to allow. Therefore, this is the correct answer.

D. “Effect”:“Allow”, “Action”: [“aws-portal: ViewBilling”], “Resource”: “*” This statement only allows access to the billing page and not the AWS usage report page. Therefore, this is not the correct answer.

In conclusion, option C is the correct IAM policy statement that allows a user to access the AWS usage report page.

Prev Question Next Question