-3

How to create an IAM policy to restrict a user to accessing AWS bills from March 2023 onward? The IAM user is not allowed to see previous bills, just allowed to see the AWS bills from March onward.

I have tried but am unable to create an IAM policy which specifically allows the user to see the bills from March onward. Below is my IAM policy.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1678707882255",
      "Action": [
        "billing:GetBillingData",
        "billing:GetBillingDetails",
        "billing:GetBillingNotifications",
        "billing:GetBillingPreferences",
        "billing:GetContractInformation",
        "billing:GetCredits",
        "billing:GetIAMAccessPreference",
        "billing:GetSellerOfRecord",
        "billing:ListBillingViews",
        "billing:PutContractInformation",
        "billing:RedeemCredits",
        "billing:UpdateBillingPreferences",
        "billing:UpdateIAMAccessPreference"
      ],
      "Effect": "Deny",
      "Resource": "*",
      "Condition": {
        "DateLessThan": {
          "aws:CurrentTime": "2023-01-28T23:59:59Z"
        }
      }
    }
  ]
}
John Rotenstein
Usman

1 Answer

0

Based on Actions, resources, and condition keys for AWS Billing and Cost Management - Service Authorization Reference, none of those AWS Billing API calls accept a Condition.

Therefore, if somebody has permission to make one of those API calls, then it is not possible to restrict their use of the call based on a condition (e.g. a date).

John Rotenstein
  • Yes, I didn't find any solution for that yet but I think you are right it is not possible. – Usman Mar 14 '23 at 12:30
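
An added example, not part of the original question or answer: a simplified Python model of how the question's Deny statement is evaluated. `aws:CurrentTime` is the time the request is made, so the condition cannot distinguish which bill month is being viewed. The function names and the trimmed action list are assumptions for illustration, and the model handles only exact action matches and `DateLessThan`.

```python
from datetime import datetime, timezone

# Constructed copy of the question's statement, trimmed to two of its actions.
STATEMENT = {
    "Effect": "Deny",
    "Action": ["billing:GetBillingData", "billing:GetBillingDetails"],
    "Resource": "*",
    "Condition": {"DateLessThan": {"aws:CurrentTime": "2023-01-28T23:59:59Z"}},
}


def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp as written in the policy's date condition."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def deny_applies(statement, action, request_time):
    """Return True if the Deny statement matches a request made at request_time.

    Simplified model (assumption): exact action match, DateLessThan only.
    The request context holds the time of the call; the billing period
    the caller wants to view is not part of it.
    """
    if statement["Effect"] != "Deny" or action not in statement["Action"]:
        return False
    context = {"aws:CurrentTime": request_time}
    for key, limit in statement.get("Condition", {}).get("DateLessThan", {}).items():
        # A missing key or a failed comparison means the statement does not match.
        if key not in context or not context[key] < parse_ts(limit):
            return False
    return True


def bill_visibility(statement, request_time, bill_months):
    """Map each bill month to whether the Deny blocks it at request_time.

    The month never enters the evaluation, so every month gets the same result.
    """
    blocked = deny_applies(statement, "billing:GetBillingDetails", request_time)
    return {month: blocked for month in bill_months}


if __name__ == "__main__":
    now = datetime(2023, 3, 14, tzinfo=timezone.utc)  # constructed request time
    print(bill_visibility(STATEMENT, now, ["2022-12", "2023-02", "2023-03"]))
```
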