xpk/terraform.aws-baseline-infra
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

UPD: fine-grained billing access

Browse Source
This commit is contained in:
xpk 2023-07-17 21:48:16 +08:00
parent ab9634c895
commit 561904d529
Signed by: xpk
GPG Key ID: CD4FF6793F09AB86
1 changed files with 22 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
modules/security_identity_compliance/roles_iam_resources/cloudhealth-role.tf
View File

@ -36,8 +36,6 @@ resource "aws_iam_policy" "CloudHealth-Policy" {
{
"Action": [
"autoscaling:Describe*",
"aws-portal:ViewBilling",
"aws-portal:ViewUsage",
"cloudformation:ListStacks",
"cloudformation:ListStackResources",
"cloudformation:DescribeStacks",
@ -82,6 +80,7 @@ resource "aws_iam_policy" "CloudHealth-Policy" {
"es:DescribeReservedElasticsearchInstances",
"firehose:ListDeliveryStreams",
"firehose:DescribeDeliveryStream",
"fsx:Describe*",
"iam:List*",
"iam:Get*",
"iam:GenerateCredentialReport",
@ -92,6 +91,7 @@ resource "aws_iam_policy" "CloudHealth-Policy" {
"kms:ListKeys",
"lambda:List*",
"logs:Describe*",
"logs:List*",
"organizations:ListAccounts",
"organizations:ListTagsForResource",
"redshift:Describe*",
@ -123,7 +123,26 @@ resource "aws_iam_policy" "CloudHealth-Policy" {
"sqs:ListQueues",
"storagegateway:List*",
"storagegateway:Describe*",
"workspaces:Describe*"
"workspaces:Describe*",
"account:Get*",
"billing:Get*",
"billing:List*",
"ce:Describe*",
"ce:Get*",
"ce:List*",
"consolidatedbilling:GetAccountBillingRole",
"consolidatedbilling:ListLinkedAccounts",
"cur:Get*",
"cur:ValidateReportDestination",
"freetier:Get*",
"invoicing:Get*",
"invoicing:List*",
"payments:Get*",
"payments:List*",
"purchase-orders:Get*",
"purchase-orders:List*",
"tax:Get*",
"tax:List*"
],
"Resource": "*",
"Effect": "Allow"