AWS access policies and permissions

AWS account holders manage access to their resources by creating policies and embedding them to IAM entities. Permissions in the policies determine what actions the entity can or cannot perform. CloudSpend requires the following permissions for a successful integration.

Service	Access level	Action
Cost and Usage Report	Full: Read	Read `DescribeReportDefinitions`
IAM	Limited: Read	Read `GetUser` `GetUserPolicy`
Organizations	Full: List and Read	List `ListAccounts` `ListAccountsForParent` `ListAWSServiceAccessForOrganization` `ListChildren` `ListCreateAccountStatus` `ListHandshakesForAccount` `ListHandshakesForOrganization` `ListOrganizationalUnitsForParent` `ListParents` `ListPolicies` `ListPoliciesForTarget` `ListRoots` `ListTargetsForPolicy` Read `DescribeAccount` `DescribeCreateAccountStatus` `DescribeHandshake` `DescribeOrganization` `DescribeOrganizationalUnit` `DescribePolicy`
Amazon S3	Full: list, Limited: Read	List `ListAllMyBuckets` `ListBucket` Read `GetAccelerateConfiguration` `GetAnalyticsConfiguration` `GetBucketAcl` `GetBucketCORS` `GetBucketLocation` `GetBucketLogging` `GetBucketNotification` `GetBucketPolicy` `GetBucketRequestPayment` `GetBucketTagging` `GetBucketVersioning` `GetBucketWebsite` `GetEncryptionConfiguration` `GetInventoryConfiguration` `GetMetricsConfiguration` `GetObject` `GetObjectAcl` `GetObjectTagging` `GetObjectVersionAcl` `GetObjectVersionForReplication` `GetObjectVersionTagging` `GetObjectVersionTorrent` `GetReplicationConfiguration` `ListBucketMultipartUploads` `ListBucketVersions` `ListMultipartUploadParts`

Top