From e776fb52cb25994be45632b105ad35088204d696 Mon Sep 17 00:00:00 2001
From: badra001
Date: Tue, 24 May 2022 09:38:48 -0400
Subject: [PATCH 1/3] add policy.tf for billing
---
 billing-role/policy.tf | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
 create mode 100644 billing-role/policy.tf
diff --git a/billing-role/policy.tf b/billing-role/policy.tf
new file mode 100644
index 0000000..4a84560
--- /dev/null
+++ b/billing-role/policy.tf
@@ -0,0 +1,24 @@
+data "aws_iam_policy_document" "full_billing" {
+ statement {
+ sid = "FullBillingAccess"
+ effect = "Allow"
+ resources = ["*"]
+
+ actions = [
+ "aws-portal:*",
+ # add others, to allow cost explorer and budgets
+ ]
+ }
+}
+
+data "aws_iam_policy_document" "limited_billing" {
+ statement {
+ sid = "LimitedBillingAccess"
+ effect = "Allow"
+ resources = ["*"]
+
+ actions = [
+ # put in right set of things for cost explorer and read access to billing
+ ]
+ }
+}
From d512c168426657f78aff6c1d356705ba88ed69c8 Mon Sep 17 00:00:00 2001
From: ashle001
Date: Tue, 24 May 2022 10:46:30 -0400
Subject: [PATCH 2/3] billing-policies
---
 billing-role/policy.tf | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/billing-role/policy.tf b/billing-role/policy.tf
index 4a84560..e94a654 100644
--- a/billing-role/policy.tf
+++ b/billing-role/policy.tf
@@ -5,7 +5,20 @@ data "aws_iam_policy_document" "full_billing" {
 resources = ["*"]

 actions = [
- "aws-portal:*",
+ "aws-portal:View*",
+ "ce:Describe*",
+ "ce:Get*",
+ "ce:List*",
+ "ce:CreateNotificationSubscription",
+ "ce:CreateReport",
+ "ce:DeleteNotificationSubscription",
+ "ce:DeleteReport",
+ "ce:UpdateNotificationSubscription",
+ "ce:UpdateReport",
+ "ce:UpdatePreferences",
+ "budgets:View*",
+ "budgets:Describe*",
+ #"budgets:*",
 # add others, to allow cost explorer and budgets
 ]
 }
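Review bot: After this hunk in PATCH 2/3 the statement with sid `FullBillingAccess` can write only Cost Explorer reports, notification subscriptions and preferences; `aws-portal` and `budgets` are view-only, while `#"budgets:*",` stays behind as commented-out code and the placeholder `# add others, to allow cost explorer and budgets` is left in place. Someone auditing this role cannot tell whether budget and billing write access was dropped on purpose or is still pending. I would delete the commented-out line and replace the placeholder with a scope comment such as `# billing console and budgets: read-only; Cost Explorer: read plus report/subscription management`, or rename the sid if full access is no longer intended. The statement opens above the hunk, so the sid itself is only visible in PATCH 1/3.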
@@ -18,6 +31,10 @@ data "aws_iam_policy_document" "limited_billing" {
 resources = ["*"]

 actions = [
+ "aws-portal:View*",
+ "ce:Describe*",
+ "ce:Get*",
+ "ce:List*",
 # put in right set of things for cost explorer and read access to billing
 ]
 }
From 1b1eac8494fbb34dd5dc6ffc35c13dc9b0436b62 Mon Sep 17 00:00:00 2001
From: badra001
Date: Tue, 24 May 2022 14:37:29 -0400
Subject: [PATCH 3/3] add readme
---
 billing-role/README.md | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 billing-role/README.md
diff --git a/billing-role/README.md b/billing-role/README.md
new file mode 100644
index 0000000..db3935a
--- /dev/null
+++ b/billing-role/README.md
@@ -0,0 +1,28 @@
+## Requirements
+
+No requirements.
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| [aws](#provider\_aws) | n/a |
+
+## Modules
+
+No modules.
+
+## Resources
+
+| Name | Type |
+|------|------|
+| [aws_iam_policy_document.full_billing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.limited_billing](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+
+## Inputs
+
+No inputs.
+
+## Outputs
+
+No outputs.
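Review bot: In the `limited_billing` hunk of PATCH 2/3 (`@@ -18,6 +31,10 @@`), `"aws-portal:View*"` matches `aws-portal:ViewAccount` and `aws-portal:ViewPaymentMethods` as well as the billing and usage views, which looks wider than the "cost explorer and read access to billing" scope named in the context comment that follows the added lines. Listing the actions explicitly keeps the limited role to that scope and avoids picking up any future `View*` action automatically: `"aws-portal:ViewBilling",` and `"aws-portal:ViewUsage",`. That placeholder comment is now stale and could describe the set instead, e.g. `# read-only: billing and usage views, Cost Explorer Describe/Get/List`. The statement starts above the hunk.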