AWS 托管策略 - AWS 账单
AWSPurchaseOrdersServiceRolePolicyAWSBillingReadOnlyAccessBillingAWSAccountActivityAccessAWSPriceListServiceFullAccess策略更新

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

AWS 托管策略

托管策略是基于身份的独立策略,您可以将其附加到账户 AWS 中的多个用户、群组和角色。您可以使用 AWS 托管策略来控制账单中的访问权限。

AWS 托管策略是由创建和管理的独立策略 AWS。 AWS 托管策略旨在为许多常见用例提供权限。 AWS 与必须自己编写策略相比,托管策略使您可以更轻松地为用户、组和角色分配适当的权限。

您无法更改 AWS 托管策略中定义的权限。 AWS 偶尔会更新 AWS 托管策略中定义的权限。当发生此情况时,更新会影响策略附加到的所有委托人实体(用户、组和角色)。

计费为常见用例提供了多种 AWS 托管策略。

AWSPurchaseOrdersServiceRolePolicy

此托管式策略将授予对账单与成本管理控制台和采购订单控制台的完全访问权限。此策略允许用户查看、创建、更新和删除账户的采购订单。

JSON
{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Effect":"Allow",
         "Action":[
            "account:GetAccountInformation",
            "account:GetContactInformation",
            "aws-portal:*Billing",
            "consolidatedbilling:GetAccountBillingRole",
            "invoicing:GetInvoicePDF",
            "invoicing:ListInvoiceUnits",
            "payments:GetPaymentInstrument",
            "payments:ListPaymentPreferences",
            "purchase-orders:AddPurchaseOrder",
            "purchase-orders:DeletePurchaseOrder",
            "purchase-orders:GetPurchaseOrder",
            "purchase-orders:ListPurchaseOrderInvoices",
            "purchase-orders:ListPurchaseOrders",
            "purchase-orders:ListTagsForResource",
            "purchase-orders:ModifyPurchaseOrders",
            "purchase-orders:TagResource",
            "purchase-orders:UntagResource",
            "purchase-orders:UpdatePurchaseOrder",
            "purchase-orders:UpdatePurchaseOrderStatus",
            "purchase-orders:ViewPurchaseOrders",
            "tax:ListTaxRegistrations"
         ],
         "Resource":"*"
      }
   ]
}

AWSBillingReadOnlyAccess

此托管策略授予用户对 AWS 账单与成本管理 控制台中功能的只读访问权限。

权限详细信息

该策略包含以下权限:

  • account— 检索有关其 AWS 账户的信息。

  • aws-portal— 向用户授予对 Billing and Cost Management 控制台页面的总体查看权限。

  • billing— 检索对 AWS 账单信息的全面访问权限,例如账单偏好、有效合同、已应用的积分或折扣、IAM 偏好、记录在案的卖家以及账单报告列表。

  • budgets— 检索有关为该 AWS Budgets 功能设置的操作的信息。

  • ce— 检索成本和使用情况信息、标签和维度值以查看 Cost Explorer 功能。 AWS

  • consolidatedbilling— 使用整合账单功能检索角色和有关 AWS 账户 配置的详细信息。

  • cur— 检索有关其 AWS 成本和使用情况报告 数据的信息。

  • freetier— 检索有关 AWS Free Tier 警报和使用偏好的信息。

  • invoicing— 检索有关其发票首选项的信息。

  • mapcredits— 检索与 Migration Acceleration Program (MAP) 2.0 协议相关的支出和积分。

  • payments— 检索融资、付款状态和支付工具信息。

  • purchase-orders— 检索与其采购订单相关的发票信息。

  • sustainability— 根据碳足迹的 AWS 使用情况检索碳足迹信息。

  • tax— 从税务设置中检索已注册的税务信息。

JSON
{
      "Version": "2012-10-17",
      "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "account:GetAccountInformation",
                    "aws-portal:ViewBilling",
                    "billing:GetBillingData",
                    "billing:GetBillingDetails",
                    "billing:GetBillingNotifications",
                    "billing:GetBillingPreferences",
                    "billing:GetContractInformation",
                    "billing:GetCredits",
                    "billing:GetIAMAccessPreference",
                    "billing:GetSellerOfRecord", 
                    "billing:ListBillingViews",
                    "budgets:DescribeBudgetActionsForBudget",
                    "budgets:DescribeBudgetAction",
                    "budgets:DescribeBudgetActionsForAccount",
                    "budgets:DescribeBudgetActionHistories",
                    "budgets:ViewBudget",
                    "ce:DescribeCostCategoryDefinition",
                    "ce:GetCostAndUsage",
                    "ce:GetDimensionValues",
                    "ce:GetTags",
                    "ce:ListCostCategoryDefinitions",
                    "ce:ListCostAllocationTags",
                    "ce:ListCostAllocationTagBackfillHistory",
                    "ce:ListTagsForResource",
                    "consolidatedbilling:GetAccountBillingRole",
                    "consolidatedbilling:ListLinkedAccounts",
                    "cur:DescribeReportDefinitions",
                    "cur:GetClassicReport",
                    "cur:GetClassicReportPreferences", 
                    "cur:GetUsageReport",
                    "freetier:GetFreeTierAlertPreference",
                    "freetier:GetFreeTierUsage",
                    "invoicing:BatchGetInvoiceProfile",
                    "invoicing:GetInvoiceEmailDeliveryPreferences",
                    "invoicing:GetInvoicePDF",
                    "invoicing:GetInvoiceUnit",
                    "invoicing:ListInvoiceSummaries",
                    "invoicing:ListInvoiceUnits",
                    "invoicing:ListTagsForResource",
                    "mapcredits:ListAssociatedPrograms",
                    "mapcredits:ListQuarterCredits",
                    "mapcredits:ListQuarterSpend",
                    "mapcredits:GetUniqueQuarterSpendSum",
                    "payments:GetFinancingApplication",
                    "payments:GetFinancingLine",
                    "payments:GetFinancingLineWithdrawal",
                    "payments:GetFinancingOption",
                    "payments:GetPaymentInstrument", 
                    "payments:GetPaymentStatus",
                    "payments:ListFinancingApplications",
                    "payments:ListFinancingLines",
                    "payments:ListFinancingLineWithdrawals",
                    "payments:ListPaymentInstruments",
                    "payments:ListPaymentPreferences",
                    "payments:ListPaymentProgramOptions",
                    "payments:ListPaymentProgramStatus",
                    "payments:ListTagsForResource",
                    "purchase-orders:GetPurchaseOrder",
                    "purchase-orders:ListPurchaseOrderInvoices",
                    "purchase-orders:ListPurchaseOrders",
                    "purchase-orders:ListTagsForResource",
                    "purchase-orders:ViewPurchaseOrders",
                    "sustainability:GetCarbonFootprintSummary",
                    "tax:GetTaxInheritance",
                    "tax:GetTaxRegistrationDocument",
                    "tax:ListTaxRegistrations"
            ],
        "Resource": "*"
      }
   ]
}

Billing

此托管策略授予用户查看和编辑 AWS 账单与成本管理 控制台的权限。这包括查看账户使用量、修改预算和付款方式。

JSON
{
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "VisualEditor0",
        "Effect": "Allow",
        "Action": [            
            "account:GetAccountInformation",
            "aws-portal:*Billing",
            "aws-portal:*PaymentMethods",
            "aws-portal:*Usage",
            "billing:CreateBillingView",
            "billing:DeleteBillingView",
            "billing:GetBillingData",
            "billing:GetBillingDetails",
            "billing:GetBillingNotifications",
            "billing:GetBillingPreferences",
            "billing:GetBillingView",
            "billing:GetContractInformation",
            "billing:GetCredits",
            "billing:GetIAMAccessPreference",
            "billing:GetSellerOfRecord",
            "billing:ListBillingViews",
            "billing:PutContractInformation",
            "billing:RedeemCredits",
            "billing:GetResourcePolicy",
            "billing:ListSourceViewsForBillingView",
            "billing:ListTagsForResource",
            "billing:TagResource",
            "billing:UntagResource",
            "billing:UpdateBillingPreferences",
            "billing:UpdateBillingView",
            "billing:UpdateIAMAccessPreference",
            "budgets:CreateBudgetAction",
            "budgets:DeleteBudgetAction",
            "budgets:DescribeBudgetActionsForBudget",
            "budgets:DescribeBudgetAction",
            "budgets:DescribeBudgetActionsForAccount",
            "budgets:DescribeBudgetActionHistories",
            "budgets:ExecuteBudgetAction",
            "budgets:ModifyBudget", 
            "budgets:UpdateBudgetAction",
            "budgets:ViewBudget", 
            "ce:CreateNotificationSubscription", 
            "ce:CreateReport", 
            "ce:CreateCostCategoryDefinition",
            "ce:DeleteNotificationSubscription",
            "ce:DeleteCostCategoryDefinition",
            "ce:DescribeCostCategoryDefinition",
            "ce:DeleteReport", 
            "ce:GetCostAndUsage",
            "ce:GetDimensionValues",
            "ce:GetTags",
            "ce:ListCostAllocationTags",
            "ce:ListCostAllocationTagBackfillHistory",
            "ce:ListCostCategoryDefinitions",
            "ce:ListTagsForResource",
            "ce:StartCostAllocationTagBackfill",
            "ce:UpdateCostAllocationTagsStatus",
            "ce:UpdateNotificationSubscription",
            "ce:TagResource",
            "ce:UpdatePreferences", 
            "ce:UpdateReport",
            "ce:UntagResource",
            "ce:UpdateCostCategoryDefinition",
            "consolidatedbilling:GetAccountBillingRole",
            "consolidatedbilling:ListLinkedAccounts",
            "cur:DeleteReportDefinition", 
            "cur:DescribeReportDefinitions", 
            "cur:GetClassicReport",
            "cur:GetClassicReportPreferences",
            "cur:GetUsageReport",
            "cur:ModifyReportDefinition", 
            "cur:PutClassicReportPreferences",
            "cur:PutReportDefinition", 
            "cur:ValidateReportDestination",
            "freetier:GetFreeTierAlertPreference",
            "freetier:GetFreeTierUsage",
            "freetier:PutFreeTierAlertPreference",
            "invoicing:BatchGetInvoiceProfile",
            "invoicing:CreateInvoiceUnit",
            "invoicing:DeleteInvoiceUnit",
            "invoicing:GetInvoiceEmailDeliveryPreferences",
            "invoicing:GetInvoicePDF",
            "invoicing:GetInvoiceUnit",
            "invoicing:ListInvoiceSummaries",
            "invoicing:ListInvoiceUnits",
            "invoicing:ListTagsForResource",
            "invoicing:PutInvoiceEmailDeliveryPreferences",
            "invoicing:TagResource",
            "invoicing:UntagResource",
            "invoicing:UpdateInvoiceUnit",
            "mapcredits:ListAssociatedPrograms",
            "mapcredits:ListQuarterCredits",
            "mapcredits:ListQuarterSpend",
            "mapcredits:GetUniqueQuarterSpendSum",
            "payments:CreateFinancingApplication",
            "payments:CreatePaymentInstrument",
            "payments:DeletePaymentInstrument",
            "payments:GetFinancingApplication",
            "payments:GetFinancingLine",
            "payments:GetFinancingLineWithdrawal",
            "payments:GetFinancingOption",
            "payments:GetPaymentInstrument",
            "payments:GetPaymentStatus",
            "payments:ListFinancingApplications",
            "payments:ListFinancingLines",
            "payments:ListFinancingLineWithdrawals",
            "payments:ListPaymentInstruments",
            "payments:ListPaymentPreferences",
            "payments:ListPaymentProgramOptions",
            "payments:ListPaymentProgramStatus",
            "payments:ListTagsForResource",
            "payments:MakePayment",
            "payments:TagResource",
            "payments:UntagResource",
            "payments:UpdateFinancingApplication",
            "payments:UpdatePaymentInstrument",
            "payments:UpdatePaymentPreferences",
            "pricing:DescribeServices",
            "purchase-orders:AddPurchaseOrder",
            "purchase-orders:DeletePurchaseOrder",
            "purchase-orders:GetPurchaseOrder",
            "purchase-orders:ListPurchaseOrderInvoices",
            "purchase-orders:ListPurchaseOrders",
            "purchase-orders:ListTagsForResource",
            "purchase-orders:ModifyPurchaseOrders",
            "purchase-orders:TagResource",
            "purchase-orders:UntagResource",
            "purchase-orders:UpdatePurchaseOrder",
            "purchase-orders:UpdatePurchaseOrderStatus",
            "purchase-orders:ViewPurchaseOrders",
            "support:AddAttachmentsToSet",
            "support:CreateCase",
            "sustainability:GetCarbonFootprintSummary",
            "tax:BatchPutTaxRegistration",
            "tax:DeleteTaxRegistration",
            "tax:GetExemptions",
            "tax:GetTaxInheritance",
            "tax:GetTaxInterview",
            "tax:GetTaxRegistration",
            "tax:GetTaxRegistrationDocument",
            "tax:ListTaxRegistrations",
            "tax:PutTaxInheritance",
            "tax:PutTaxInterview",
            "tax:PutTaxRegistration",
            "tax:UpdateExemptions"
        ],
       "Resource": "*"
      }
   ]
}

AWSAccountActivityAccess

此托管式策略授予用户查看账户活动页面的权限。

JSON
{
      "Version": "2012-10-17",
      "Statement": [
            {
              "Sid": "VisualEditor0",
              "Effect": "Allow",
              "Action": [
                "account:GetRegionOptStatus",
                "account:GetAccountInformation",
                "account:GetAlternateContact",
                "account:GetContactInformation",
                "account:ListRegions",
                "aws-portal:ViewBilling",
                "billing:GetIAMAccessPreference",
                "billing:GetSellerOfRecord",
                "payments:ListPaymentPreferences"
        ],
        "Resource": "*"
      }
   ]
}

AWSPriceListServiceFullAccess

此托管策略授予用户对 AWS 价目表服务的完全访问权限。

JSON
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AWSPriceListServiceFullAccess",
            "Effect": "Allow",
            "Action": [
                "pricing:*"
            ],
            "Resource": "*"
        }
    ]
}

AWS 账单托 AWS 管政策的更新

查看自该服务开始跟踪这些变更以来 AWS 账单 AWS 托管政策更新的详细信息。要获得有关此页面变更的自动提醒,请订阅 “ AWS 账单文档历史记录” 页面上的 RSS feed。

更改 描述 日期

AWSBillingReadOnlyAccess – 对现有策略的更新

我们在中添加了以下 AWS Free Tier 权限AWSBillingReadOnlyAccess

  • freetier:GetAccountPlanState

  • freetier:GetAccountActivity

  • freetier:ListAccountActivities

2025年7月9日

账单AWSBillingReadOnlyAccess— 更新现有政策

我们在Billing和中添加了以下 MAP 2.0 权限AWSBillingReadOnlyAccess

  • mapcredits:ListAssociatedPrograms

  • mapcredits:ListQuarterCredits

  • mapcredits:ListQuarterSpend

  • mapcredits:GetUniqueQuarterSpendSum

2025 年 3 月 27 日

账单-更新现有政策

我们在中添加了以下开票权限Billing

  • billing:CreateBillingView

  • billing:DeleteBillingView

  • billing:GetBillingView

  • billing:GetResourcePolicy

  • billing:ListSourceViewsForBillingView

  • billing:ListTagsForResource

  • billing:TagResource

  • billing:UntagResource

  • billing:UpdateBillingView

2025 年 1 月 17 日

AWSPurchaseOrdersServiceRolePolicy账单AWSBillingReadOnlyAccess— 更新现有政策

我们已将以下开票权限添加到AWSPurchaseOrdersServiceRolePolicy

  • invoicing:ListInvoiceUnits

我们在中添加了以下开票权限AWSBillingReadOnlyAccess

  • invoicing:BatchGetInvoiceProfile

  • invoicing:GetInvoiceUnit

  • invoicing:ListInvoiceUnits

  • invoicing:ListTagsForResource

我们在中添加了以下开票权限Billing

  • invoicing:BatchGetInvoiceProfile

  • invoicing:CreateInvoiceUnit

  • invoicing:DeleteInvoiceUnit

  • invoicing:GetInvoiceUnit

  • invoicing:ListInvoiceUnits

  • invoicing:ListTagsForResource

  • invoicing:TagResource

  • invoicing:UntagResource

  • invoicing:UpdateInvoiceUnit

2024 年 12 月 1 日

账单AWSBillingReadOnlyAccess— 更新现有政策

我们在中添加了以下付款权限Billing

  • payments:GetFinancingOption

  • payments:CreateFinancingApplication

  • payments:UpdateFinancingApplication

  • payments:GetFinancingApplication

  • payments:ListFinancingApplications

  • payments:ListFinancingLines

  • payments:GetFinancingLine

  • payments:ListFinancingLines

  • payments:GetFinancingLineWithdrawal

  • payments:ListFinancingLineWithdrawals

  • payments:ListPaymentProgramStatus

  • payments:ListPaymentProgramOptions

我们在中添加了以下付款权限AWSBillingReadOnlyAccess

  • payments:GetFinancingOption

  • payments:GetFinancingApplication

  • payments:ListFinancingApplications

  • payments:GetFinancingLine

  • payments:ListFinancingLines

  • payments:GetFinancingLineWithdrawal

  • payments:ListFinancingLineWithdrawals

  • payments:ListPaymentProgramStatus

  • payments:ListPaymentProgramOptions

2024 年 11 月 12 日

AWSPriceListServiceFullAccess - 更新的策略

我们添加了 AWS 价目表服务 AWSPriceListServiceFullAccess 策略的文档。该策略最初于 2017 年推出。我们已将 Sid": "AWSPriceListServiceFullAccess 更新到现有策略中。

2024 年 7 月 2 日

账单AWSBillingReadOnlyAccess— 更新现有政策

我们为 Billing 添加了以下成本分配标签相关的权限:

  • payments:ListTagsForResource

  • payments:TagResource

  • payments:UntagResource

  • payments:ListPaymentInstruments

  • payments:UpdatePaymentInstrument

我们为 AWSBillingReadOnlyAccess 添加了以下标签相关的权限:

  • payments:ListTagsForResource

  • payments:ListPaymentInstruments

2024 年 5 月 31 日

账单AWSBillingReadOnlyAccess— 更新现有政策

我们为 Billing 添加了以下成本分配标签相关的权限:

  • ce:ListCostAllocationTagBackfillHistory

  • ce:StartCostAllocationTagBackfill

  • ce:GetTags

  • ce:GetDimensionValues

我们为 AWSBillingReadOnlyAccess 添加了以下成本分配标签相关的权限:

  • ce:ListCostAllocationTagBackfillHistory

  • ce:GetTags

  • ce:GetDimensionValues

 2024 年 3 月 25 日
账单AWSBillingReadOnlyAccess— 更新现有政策

我们为 Billing 添加了以下成本分配标签相关的权限:

  • ce:ListCostAllocationTags

  • ce:UpdateCostAllocationTagsStatus

我们为 AWSBillingReadOnlyAccess 添加了以下成本分配标签相关的权限:

  • ce:ListCostAllocationTags

 2023 年 7 月 26 日

AWSPurchaseOrdersServiceRolePolicy账单AWSBillingReadOnlyAccess— 更新现有政策

我们为 Billing 和 AWSPurchaseOrdersServiceRolePolicy 添加了以下与采购订单标签相关的权限:

  • purchase-orders:ListTagsForResource

  • purchase-orders:TagResource

  • purchase-orders:UntagResource

我们为 AWSBillingReadOnlyAccess 添加了以下标签相关的权限:

  • purchase-orders:ListTagsForResource

 2023 年 7 月 17 日

AWSPurchaseOrdersServiceRolePolicy账单AWSBillingReadOnlyAccess— 更新现有政策

AWSAccountActivityAccess— 为 AWS 账单记录了新的 AWS 托管政策

 在所有策略中添加了更新的操作集。 2023 年 3 月 6 日

AWSPurchaseOrdersServiceRolePolicy – 对现有策略的更新

AWS 账单删除了不必要的权限。

 2021 年 11 月 18 日

AWS 账单已开始跟踪变更

AWS Billing 已开始跟踪其 AWS 托管政策的变更。

 2021 年 11 月 18 日