AWS access policies and permissions
AWS account holders manage access to their resources by creating policies and embedding them to IAM entities. Permissions in the policies determine what actions the entity can or cannot perform. CloudSpend requires the following permissions for a successful integration.
| Service | Access level | Action |
|---|
| Cost and Usage Report | Full: Read | Read DescribeReportDefinitions
|
| IAM | Limited: Read | Read GetUser
GetUserPolicy
|
| Organizations | Full: List and Read | List ListAccounts
ListAccountsForParent
ListAWSServiceAccessForOrganization
ListChildren
ListCreateAccountStatus
ListHandshakesForAccount
ListHandshakesForOrganization
ListOrganizationalUnitsForParent
ListParents
ListPolicies
ListPoliciesForTarget
ListRoots
ListTargetsForPolicy
Read DescribeAccount
DescribeCreateAccountStatus
DescribeHandshake
DescribeOrganization
DescribeOrganizationalUnit
DescribePolicy
|
| Amazon S3 | Full: list, Limited: Read | List ListAllMyBuckets
ListBucket
Read GetAccelerateConfiguration
GetAnalyticsConfiguration
GetBucketAcl
GetBucketCORS
GetBucketLocation
GetBucketLogging
GetBucketNotification
GetBucketPolicy
GetBucketRequestPayment
GetBucketTagging
GetBucketVersioning
GetBucketWebsite
GetEncryptionConfiguration
GetInventoryConfiguration
GetMetricsConfiguration
GetObject
GetObjectAcl
GetObjectTagging
GetObjectVersionAcl
GetObjectVersionForReplication
GetObjectVersionTagging
GetObjectVersionTorrent
GetReplicationConfiguration
ListBucketMultipartUploads
ListBucketVersions
ListMultipartUploadParts
|