From d512c168426657f78aff6c1d356705ba88ed69c8 Mon Sep 17 00:00:00 2001
From: ashle001 <roy.d.ashley.jr@census.gov>
Date: Tue, 24 May 2022 10:46:30 -0400
Subject: [PATCH] billing-policies

---
 billing-role/policy.tf | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/billing-role/policy.tf b/billing-role/policy.tf
index 4a84560..e94a654 100644
--- a/billing-role/policy.tf
+++ b/billing-role/policy.tf
@@ -5,7 +5,20 @@ data "aws_iam_policy_document" "full_billing" {
     resources = ["*"]
 
     actions = [
-      "aws-portal:*",
+      "aws-portal:View*",
+      "ce:Describe*",
+      "ce:Get*",
+      "ce:List*",
+      "ce:CreateNotificationSubscription",
+      "ce:CreateReport",
+      "ce:DeleteNotificationSubscription",
+      "ce:DeleteReport",
+      "ce:UpdateNotificationSubscription",
+      "ce:UpdateReport",
+      "ce:UpdatePreferences",
+      "budgets:View*",
+      "budgets:Describe*",
+      #"budgets:*",
       # add others, to allow cost explorer and budgets
     ]
   }
@@ -18,6 +31,10 @@ data "aws_iam_policy_document" "limited_billing" {
     resources = ["*"]
 
     actions = [
+      "aws-portal:View*",
+      "ce:Describe*",
+      "ce:Get*",
+      "ce:List*",
       # put in right set of things for cost explorer and read access to billing
     ]
   }