0

I have a root AWS account which is linked with other three sub aws accounts. in my root account I created a Lambda function to get billing metrics from cloudwatch using python SDK and APIs . its working I am using IAM user's access key and secret key which has billing access and all admin access but I copied the lambda code and put into sub account's lambda function it doesn't retrieve any data. I can't understand why its not working in sub account ?

import boto3
from datetime import datetime, timedelta;
def get_metrics(event, context):
  ACCESS_KEY='accesskey'
  SECRET_KEY='secretkey'
  client = boto3.client('cloudwatch',aws_access_key_id=ACCESS_KEY,aws_secret_access_key=SECRET_KEY)

  response = client.get_metric_statistics(
   Namespace='AWS/Billing',
   MetricName='EstimatedCharges',
   Dimensions=[
     {
         'Name': 'LinkedAccount',
         'Value': '12 digit account number'
     },
     {
         'Name': 'Currency',
         'Value': 'USD'
     },
  ],
  StartTime='2017, 12, 19',
  EndTime='2017, 12, 21',
  Period=86400,
  Statistics=[
     'Maximum',
  ],
  )
  print response
Chacko
  • 1,506
  • 1
  • 20
  • 42
Arun Kumar
  • 495
  • 9
  • 29
  • I believe you answered yourself :) You need to give sub-account access to billing data. I'm not even sure it's possible though. IIRC global billing data is only accessible from root account. sub-account can potentially see only its own billing data. – favoretti Dec 21 '17 at 12:10
  • I thing you did understand my question, I copied the lambda function from root lambda function to sub account lambda function with the same accesskey and secret key . The credentials are same . It belongs to root account's IAM user's credentials who have permission to view all linked account's billing details – Arun Kumar Dec 21 '17 at 12:35

0 Answers0