ioBasis
Cloud made simple

How to create a read-only access in AWS

StaffGeneral

In this article, we will describe how to create a read-only access in your AWS. It will allows us to access your AWS account for general tasks, and keep your data private at the same time.

how-to-create-a-readonly-access-in-aws-01.jpg

Step 1. Enable IAM Users to Access to Billing Information

Log into AWS console using root user credentials. This is the user that created the AWS account. In case you see a Sign in as IAM user page, then you have to click Sign in using root user email.

First, click on Root user. And then enter root user email, and click Next.

how-to-create-a-readonly-access-in-aws-02.png

Then enter the root user password, and click Sign In.

how-to-create-a-readonly-access-in-aws-03.png

Then click on your name at the top right of the page. A new menu will be opened. Click on My Account.

how-to-create-a-readonly-access-in-aws-04.png

A new window will be opened in your web browser. Scroll down to IAM User and Role Access to Billing Information section. Click Edit. And make sure the Activate IAM Access checkbox is enabled. Then click Update.

how-to-create-a-readonly-access-in-aws-05.png

This will allow other users to access costs and billing information. Note that they won’t have access until you create them specific IAM policies. This will be completed in the next step.

Step 2. Create a Role with ReadOnly Permissions

Click on the link below to start creating the role.

Start Role Creation

This will open the AWS console in your web browser with a Quick Create Stack page. Scroll down to the Capabilities section. And click on the checkbox to acknowledge the creation of IAM Resources. And then click Create Stack.

how-to-create-a-readonly-access-in-aws-06.png

After a few seconds, you will notice a CREATE_COMPLETE message.

how-to-create-a-readonly-access-in-aws-07.png

Click on the Outputs tab. You will notice a RoleARN field. For example in the next picture the value is arn:aws:iam::12345678:role/ioBasis-read-only-access-readOnlyRole91F876EF-FIQ24M9GVMSU.

how-to-create-a-readonly-access-in-aws-08.png

You only need to copy this value to your clipboard. This step is very important for next one.

Step 3. Send us the RoleARN value

The last step is to send us that code. You can send it using the Contact form. Don’t forget to include your email address, and the RoleARN code (you can now just Paste the copied value). Please send us a message including this information. We will validate the access and reply.

FAQs

Below are some frequently asked questions.

Is this access safe?

Yes. The access is safe. We use strong security policies to keep the access secure. And it allows only us to access.

What’s allowed by this access?

The access allows us to retrieve basic data from your account. It can list the resources, view their costs, and read metrics.

What’s NOT allowed by this access?

  • We can’t do any type of modification in your account (it’s a read-only access)
  • We can’t access log into your instances.
  • We can’t access your code.
  • We can’t access your keys.
  • We can’t access S3 files.

How to get in contact?

You can use the Contact form.