AWS Security ChangesHomeSearch

AWS cost-management documentation change

Service: cost-management · 2025-06-25 · Documentation low

File: cost-management/latest/userguide/billing-example-policies.md

Summary

Added multiple JSON policy examples across various billing and cost management scenarios

Security assessment

Expanded IAM policy examples help implement least-privilege access controls for financial operations

Diff

diff --git a/cost-management/latest/userguide/billing-example-policies.md b/cost-management/latest/userguide/billing-example-policies.md
index 8c90b8e8c..cc84e9a90 100644
--- a//cost-management/latest/userguide/billing-example-policies.md
+++ b//cost-management/latest/userguide/billing-example-policies.md
@@ -107,0 +108,6 @@ To explicitly deny a user access to the all Billing and Cost Management console
+JSON
+    
+
+****
+    
+    
@@ -131,0 +139,6 @@ Adding this policy to a user or role will deny users access to Cost Explorer (AW
+JSON
+    
+
+****
+    
+    
@@ -151,0 +166,6 @@ This policy doesn't allow any actions. Use this policy in combination with other
+JSON
+    
+
+****
+    
+    
@@ -171,0 +193,6 @@ This policy allows read-only access to all of the Billing and Cost Management co
+JSON
+    
+
+****
+    
+    
@@ -206,0 +235,6 @@ To allow users to modify account billing information in the Billing and Cost Man
+JSON
+    
+
+****
+    
+    
@@ -223,0 +259,6 @@ To allow users to create budgets in the Billing and Cost Management console, you
+JSON
+    
+
+****
+    
+    
@@ -268,0 +311,6 @@ To protect your account password, contact information, and security questions, y
+JSON
+    
+
+****
+    
+    
@@ -297,0 +347,6 @@ For more information, see [ Using Bucket Policies and User Policies](https://doc
+JSON
+    
+
+****
+    
+    
@@ -327,0 +384,6 @@ To allow users to use the AWS Cost Explorer API, use the following policy to gra
+JSON
+    
+
+****
+    
+    
@@ -351,0 +415,6 @@ This policy allows a user to view and update using the **Cost Explorer preferenc
+JSON
+    
+
+****
+    
+    
@@ -369,0 +440,6 @@ The following policy allows users to view Cost Explorer, but deny permission to
+JSON
+    
+
+****
+    
+    
@@ -395,0 +473,6 @@ The following policy allows users to view Cost Explorer, but deny permission to
+JSON
+    
+
+****
+    
+    
@@ -422,0 +507,6 @@ This policy allows a user to view, create, update, and delete using the **Cost E
+JSON
+    
+
+****
+    
+    
@@ -442,0 +534,6 @@ The following policy allows users to view Cost Explorer, but deny permission to
+JSON
+    
+
+****
+    
+    
@@ -499,0 +598,6 @@ This policy allows a user to view, create, update, and delete [reservation expir
+JSON
+    
+
+****
+    
+    
@@ -519,0 +625,6 @@ The following policy allows users to view Cost Explorer, but denies permission t
+JSON
+    
+
+****
+    
+    
@@ -547,0 +660,6 @@ The following policy allows users to view Cost Explorer, but denies permission t
+JSON
+    
+
+****
+    
+    
@@ -576,0 +696,6 @@ To allow users read-only access to AWS Cost Anomaly Detection, use the following
+JSON
+    
+
+****
+    
+    
@@ -595,0 +722,6 @@ This policy allows AWS Budgets to apply IAM policies and service control policie
+JSON
+    
+
+****
+    
+    
@@ -626,0 +760,6 @@ This trust policy allows AWS Budgets to assume a role that can call other servic
+JSON
+    
+
+****
+    
+    
@@ -650,0 +791,6 @@ Permissions policy
+JSON
+    
+
+****
+    
+    
@@ -682,0 +830,6 @@ This policy allows IAM users to create, list, and add usage to workload estimate
+JSON
+    
+
+****
+    
+    
@@ -710,0 +865,6 @@ This policy allows IAM users to create, list, and add usage and commitements to
+JSON
+    
+
+****
+    
+    
@@ -736,0 +898,6 @@ This policy allows IAM users to create bill estimate and list bill estimate line
+JSON
+    
+
+****
+    
+    
@@ -762,0 +931,6 @@ This policy allows IAM users to create and get rate preferences.
+JSON
+    
+
+****
+    
+    
@@ -782,0 +958,6 @@ This policy allows IAM users to create, manage, and share custom billing views.
+JSON
+    
+
+****
+    
+    
@@ -819,0 +1002,6 @@ This policy allows IAM users to access Cost Explorer when accessing a specific c
+JSON
+    
+
+****
+    
+