AWS Billing
| Identifier | Guardrail | Rationale | Remediation | References | IAM Actions |
|---|---|---|---|---|---|
| IAM-BILLING-1 | Check that the ability to modify or update AWS Billing options are only assumable to authorized principals. | In all AWS environments, ensure that only billing and account administrators are able to update or modify AWS billing and account options. Unauthorized modifications could affect your billing payments, budgets, or account information such as email addresses and security contacts. | For unauthorized principals, either remove the associated IAM Actions | https://docs.aws.amazon.com/IAM/latest/UserGuide/list_awsbilling.html |
aws-portal:ModifyBilling aws-portal:ModifyAccount aws-portal:ModifyPaymentMethods |