amazon-web-servicesamazon-s3aws-billing

Cost Breakdown by IAM Role


We are using a number of services which are accessing data from AWS S3 via IAM Roles and Credentials. We are looking to get a breakdown of the costs by each IAM role for the data transfer. Is there a way to get a breakdown of costs by the IAM role? Alternatively, what would be the best way to find the API calls that are billed by AWS for data transfer.

Methods Tried We have tried to use Cost Explorer but no options for breakdown by IAM Role/API Key Looked at Server logs for GET requests but unclear as to which calls are being billed Looked at Usage reports. Can figure out ~how much is billed but again can't tell which service is issuing the requests.


Solution

  • Resources in AWS are associated with an AWS Account.

    When a resource is launched, IAM will confirm whether the IAM User / IAM Role has permission to launch the resource. However, once the resource is launched it is associated with the AWS Account, not the entity that launched the resource.

    Therefore, it is not possible to track charges by the entity that launched the resources, or used the resources.

    The closest option is to add tags to resources and split the billing records by Tag.