amazon-web-servicesamazon-cloudwatchaws-billing

Restrict the predefined CloudWatch metric namespace access


There are a no. of predefined metric namespace present in CloudWatch console. There is 1 such 'AWS/Billing' metric namespace are visible which is not required.

Can someone suggest a solution to either one points below :-

  1. block this 'billing' metrics so no one able to view this metrics.
  2. The metrics is visible but no-one is able to view the data in it.

Any of the above points solution is helpful. enter image description here


Solution

  • Probably you could use cloudwatch:namespace IAM condition key to limit access to these metrics. The docs I linked provide some examples, so you would have to try and see.

    The alternative is not to give users access to us-east-1. These billing metrics are only visible in this region, so just do not allow your users to access the region if possible.