AWS 受管理政策 - AWS 帳單
AWSPurchaseOrdersServiceRolePolicyAWSBillingReadOnlyAccessBillingAWSAccountActivityAccessAWSPriceListServiceFullAccess政策更新

本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。

AWS 受管理政策

受管理的策略是獨立的以身分識別為基礎的策略,您可以將其附加到帳戶中的多個使用者、群組和角色。 AWS 您可以使用 AWS 受管理的政策來控制帳單中的存取。

受 AWS 管理的原則是由建立和管理的獨立原則 AWS。 AWS 受管理的政策旨在為許多常見使用案例提供權限。 AWS 受管理的原則可讓您輕鬆地將適當的權限指派給使用者、群組和角色,而不是必須自行撰寫原則。

您無法變更 AWS 受管理原則中定義的權限。 AWS 偶爾會更新 AWS 受管理策略中定義的權限。執行這項動作時,更新會影響政策連接到的所有委託人實體 (使用者、群組和角色)。

計費提供數種常見使用案例的 AWS 受管政策。

AWSPurchaseOrdersServiceRolePolicy

此受管政策准許完全存取帳單和成本管理主控台和採購訂單主控台。該政策允許使用者檢視、建立、更新及刪除帳戶的採購訂單。

{
   "Version":"2012-10-17",
   "Statement":[
      {
         "Effect":"Allow",
         "Action":[
            "account:GetAccountInformation",
            "account:GetContactInformation",
            "aws-portal:*Billing",
            "consolidatedbilling:GetAccountBillingRole",
            "invoicing:GetInvoicePDF",
            "payments:GetPaymentInstrument",
            "payments:ListPaymentPreferences",
            "purchase-orders:AddPurchaseOrder",
            "purchase-orders:DeletePurchaseOrder",
            "purchase-orders:GetPurchaseOrder",
            "purchase-orders:ListPurchaseOrderInvoices",
            "purchase-orders:ListPurchaseOrders",
            "purchase-orders:ListTagsForResource",
            "purchase-orders:ModifyPurchaseOrders",
            "purchase-orders:TagResource",
            "purchase-orders:UntagResource",
            "purchase-orders:UpdatePurchaseOrder",
            "purchase-orders:UpdatePurchaseOrderStatus",
            "purchase-orders:ViewPurchaseOrders",
            "tax:ListTaxRegistrations"
         ],
         "Resource":"*"
      }
   ]
}

AWSBillingReadOnlyAccess

此受管政策會授與使用者檢視 AWS Billing and Cost Management 主控台的存取權。

{
      "Version": "2012-10-17",
      "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "account:GetAccountInformation",
                    "aws-portal:ViewBilling",
                    "billing:GetBillingData",
                    "billing:GetBillingDetails",
                    "billing:GetBillingNotifications",
                    "billing:GetBillingPreferences",
                    "billing:GetContractInformation",
                    "billing:GetCredits",
                    "billing:GetIAMAccessPreference",
                    "billing:GetSellerOfRecord", 
                    "billing:ListBillingViews",
                    "budgets:DescribeBudgetActionsForBudget",
                    "budgets:DescribeBudgetAction",
                    "budgets:DescribeBudgetActionsForAccount",
                    "budgets:DescribeBudgetActionHistories",
                    "budgets:ViewBudget",
                    "ce:DescribeCostCategoryDefinition",
                    "ce:GetCostAndUsage",
                    "ce:GetDimensionValues",
                    "ce:GetTags",
                    "ce:ListCostCategoryDefinitions",
                    "ce:ListCostAllocationTags",
                    "ce:ListCostAllocationTagBackfillHistory",
                    "ce:ListTagsForResource",
                    "consolidatedbilling:GetAccountBillingRole",
                    "consolidatedbilling:ListLinkedAccounts",
                    "cur:DescribeReportDefinitions",
                    "cur:GetClassicReport",
                    "cur:GetClassicReportPreferences", 
                    "cur:GetUsageReport",
                    "freetier:GetFreeTierAlertPreference",
                    "freetier:GetFreeTierUsage",
                    "invoicing:GetInvoiceEmailDeliveryPreferences",
                    "invoicing:GetInvoicePDF",
                    "invoicing:ListInvoiceSummaries",
                    "mapcredit:ListAssociatedPrograms",
                    "mapcredit:ListQuarterCredits",    
                    "mapcredit:ListQuarterSpend",
                    "payments:GetPaymentInstrument", 
                    "payments:GetPaymentStatus",
                    "payments:ListPaymentInstruments",
                    "payments:ListPaymentPreferences",
                    "payments:ListTagsForResource",
                    "purchase-orders:GetPurchaseOrder",
                    "purchase-orders:ListPurchaseOrderInvoices",
                    "purchase-orders:ListPurchaseOrders",
                    "purchase-orders:ListTagsForResource",
                    "purchase-orders:ViewPurchaseOrders",
                    "sustainability:GetCarbonFootprintSummary",
                    "tax:GetTaxInheritance",
                    "tax:GetTaxRegistrationDocument",
                    "tax:ListTaxRegistrations"
            ],
        "Resource": "*"
      }
   ]
}

Billing

此受管理原則會授與使用者檢視和編輯 AWS Billing and Cost Management 主控台的權限。這包括檢視帳戶用量、修改預算和付款方式。

{
    "Version": "2012-10-17",
    "Statement": [
      {
        "Sid": "VisualEditor0",
        "Effect": "Allow",
        "Action": [            
            "account:GetAccountInformation",
            "aws-portal:*Billing",
            "aws-portal:*PaymentMethods",
            "aws-portal:*Usage",
            "billing:GetBillingData",
            "billing:GetBillingDetails",
            "billing:GetBillingNotifications",
            "billing:GetBillingPreferences",
            "billing:GetContractInformation",
            "billing:GetCredits",
            "billing:GetIAMAccessPreference",
            "billing:GetSellerOfRecord",
            "billing:ListBillingViews",
            "billing:PutContractInformation",
            "billing:RedeemCredits",
            "billing:UpdateBillingPreferences",
            "billing:UpdateIAMAccessPreference",
            "budgets:CreateBudgetAction",
            "budgets:DeleteBudgetAction",
            "budgets:DescribeBudgetActionsForBudget",
            "budgets:DescribeBudgetAction",
            "budgets:DescribeBudgetActionsForAccount",
            "budgets:DescribeBudgetActionHistories",
            "budgets:ExecuteBudgetAction",
            "budgets:ModifyBudget", 
            "budgets:UpdateBudgetAction",
            "budgets:ViewBudget", 
            "ce:CreateNotificationSubscription", 
            "ce:CreateReport", 
            "ce:CreateCostCategoryDefinition",
            "ce:DeleteNotificationSubscription",
            "ce:DeleteCostCategoryDefinition",
            "ce:DescribeCostCategoryDefinition",
            "ce:DeleteReport", 
            "ce:GetCostAndUsage",
            "ce:GetDimensionValues",
            "ce:GetTags",
            "ce:ListCostAllocationTags",
            "ce:ListCostAllocationTagBackfillHistory",
            "ce:ListCostCategoryDefinitions",
            "ce:ListTagsForResource",
            "ce:StartCostAllocationTagBackfill",
            "ce:UpdateCostAllocationTagsStatus",
            "ce:UpdateNotificationSubscription",
            "ce:TagResource",
            "ce:UpdatePreferences", 
            "ce:UpdateReport",
            "ce:UntagResource",
            "ce:UpdateCostCategoryDefinition",
            "consolidatedbilling:GetAccountBillingRole",
            "consolidatedbilling:ListLinkedAccounts",
            "cur:DeleteReportDefinition", 
            "cur:DescribeReportDefinitions", 
            "cur:GetClassicReport",
            "cur:GetClassicReportPreferences",
            "cur:GetUsageReport",
            "cur:ModifyReportDefinition", 
            "cur:PutClassicReportPreferences",
            "cur:PutReportDefinition", 
            "cur:ValidateReportDestination",
            "freetier:GetFreeTierAlertPreference",
            "freetier:GetFreeTierUsage",
            "freetier:PutFreeTierAlertPreference",
            "invoicing:GetInvoiceEmailDeliveryPreferences",
            "invoicing:GetInvoicePDF",
            "invoicing:ListInvoiceSummaries",
            "invoicing:PutInvoiceEmailDeliveryPreferences",
            "mapcredit:ListAssociatedPrograms",
            "mapcredit:ListQuarterCredits",    
            "mapcredit:ListQuarterSpend",
            "payments:CreatePaymentInstrument",
            "payments:DeletePaymentInstrument",
            "payments:GetPaymentInstrument",
            "payments:GetPaymentStatus",
            "payments:ListPaymentInstruments",
            "payments:ListPaymentPreferences",
            "payments:ListTagsForResource",
            "payments:MakePayment",
            "payments:TagResource",
            "payments:UntagResource",
            "payments:UpdatePaymentInstrument",
            "payments:ListPaymentInstruments",
            "payments:UpdatePaymentPreferences",
            "pricing:DescribeServices",
            "purchase-orders:AddPurchaseOrder",
            "purchase-orders:DeletePurchaseOrder",
            "purchase-orders:GetPurchaseOrder",
            "purchase-orders:ListPurchaseOrderInvoices",
            "purchase-orders:ListPurchaseOrders",
            "purchase-orders:ListTagsForResource",
            "purchase-orders:ModifyPurchaseOrders",
            "purchase-orders:TagResource",
            "purchase-orders:UntagResource",
            "purchase-orders:UpdatePurchaseOrder",
            "purchase-orders:UpdatePurchaseOrderStatus",
            "purchase-orders:ViewPurchaseOrders",
            "support:AddAttachmentsToSet",
            "support:CreateCase",
            "sustainability:GetCarbonFootprintSummary",
            "tax:BatchPutTaxRegistration",
            "tax:DeleteTaxRegistration",
            "tax:GetExemptions",
            "tax:GetTaxInheritance",
            "tax:GetTaxInterview",
            "tax:GetTaxRegistration",
            "tax:GetTaxRegistrationDocument",
            "tax:ListTaxRegistrations",
            "tax:PutTaxInheritance",
            "tax:PutTaxInterview",
            "tax:PutTaxRegistration",
            "tax:UpdateExemptions"
        ],
       "Resource": "*"
      }
   ]
}

AWSAccountActivityAccess

此受管理政策會授與使用者檢視帳戶活動頁面的許可。

{
      "Version": "2012-10-17",
      "Statement": [
            {
              "Sid": "VisualEditor0",
              "Effect": "Allow",
              "Action": [
                "account:GetRegionOptStatus",
                "account:GetAccountInformation",
                "account:GetAlternateContact",
                "account:GetChallengeQuestions",
                "account:GetContactInformation",
                "account:ListRegions",
                "aws-portal:ViewBilling",
                "billing:GetIAMAccessPreference",
                "billing:GetSellerOfRecord",
                "payments:ListPaymentPreferences"
        ],
        "Resource": "*"
      }
   ]
}

AWSPriceListServiceFullAccess

此受管理策略會授與使用者對「 AWS 價目表服務」的完整存取權。

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AWSPriceListServiceFullAccess",
            "Effect": "Allow",
            "Action": [
                "pricing:*"
            ],
            "Resource": "*"
        }
    ]
}

AWS 帳單 AWS 管理政策的更新

檢視有關 AWS 帳單 AWS 受管理政策更新的詳細資料,因為這項服務開始追蹤這些變更。如需有關此頁面變更的自動警示,請訂閱「 AWS 帳單文件歷史記錄」頁面上的 RSS 摘要。

變更 描述 日期

AWSPriceListServiceFullAccess -更新的政策

我們新增了 AWS 價目表服務AWSPriceListServiceFullAccess政策的文件。該政策最初於 2017 年推出。我們已更新Sid": "AWSPriceListServiceFullAccess至現有政策。

2024年6月24日

帳單AWSBillingReadOnlyAccess— 更新現有政策

我們已將下列成本分配標籤相關許可新增至 Billing

  • payments:ListTagsForResource

  • payments:TagResource

  • payments:UntagResource

  • payments:ListPaymentInstruments

  • payments:ListPaymentInstruments

  • payments:UpdatePaymentInstrument

我們已將下列標籤相關許可新增至 AWSBillingReadOnlyAccess

  • payments:ListTagsForResource

  • payments:ListPaymentInstruments

2024年5月31 日

帳單AWSBillingReadOnlyAccess— 更新現有政策

我們已將下列成本分配標籤相關許可新增至 Billing

  • ce:ListCostAllocationTagBackfillHistory

  • ce:StartCostAllocationTagBackfill

  • ce:GetTags

  • ce:GetDimensionValues

我們已將下列成本分配標籤相關許可新增至 AWSBillingReadOnlyAccess

  • ce:ListCostAllocationTagBackfillHistory

  • ce:GetTags

  • ce:GetDimensionValues

 2024年3月25日
帳單AWSBillingReadOnlyAccess— 更新現有政策

我們已將下列成本分配標籤相關許可新增至 Billing

  • ce:ListCostAllocationTags

  • ce:UpdateCostAllocationTagsStatus

我們已將下列成本分配標籤相關許可新增至 AWSBillingReadOnlyAccess

  • ce:ListCostAllocationTags

 2023 年 7 月 26 日

AWSPurchaseOrdersServiceRolePolicy帳單AWSBillingReadOnlyAccess— 更新現有政策

我們已將下列採購單標籤相關許可新增至 BillingAWSPurchaseOrdersServiceRolePolicy

  • purchase-orders:ListTagsForResource

  • purchase-orders:TagResource

  • purchase-orders:UntagResource

我們已將下列標籤相關許可新增至 AWSBillingReadOnlyAccess

  • purchase-orders:ListTagsForResource

 2023 年 7 月 17 日

AWSPurchaseOrdersServiceRolePolicy帳單AWSBillingReadOnlyAccess— 更新現有政策

AWSAccountActivityAccess— 新的 AWS 管理策略記錄為 AWS 計費

 在所有政策中新增更新的動作集 2023 年 3 月 6 日

AWSPurchaseOrdersServiceRolePolicy – 更新現有政策

AWS 計費移除不必要的權限。

 2021 年 11 月 18 日

AWS 帳單開始追蹤變更

AWS 帳單開始追蹤其 AWS 管理政策的變更。

 2021 年 11 月 18 日