Grant ReadOnly Access to Your AWS Account

This article goes over giving ReadOnlyAccess to your AWS account. It allows us to read data in your AWS account but not make any changes to it.

Console Instructions

Creating an AWS User

Add User to IAM console
  • Set a name for the user and enable both Programmatic and Console Access. Then click Next: Permissions.
Enable AWS console access
  • Click Attach existing policies directly and look for the ReadOnlyAccess policy. Select the policy before clicking Next: Tags.
Attach existing policies directly
ReadOnlyAccess Policy
  • Optionally, add a tag to the project for tracking purposes. Click Next when done.
Add IAM Tags
  • Make sure that everything looks right and click Create User.
Review managed policies
  • Download the CSV and send an email with the IAM login link to the person you are granting access to. Send the CSV with the credentials along with the email, or separately in a different channel of your choice.
Access Key Id, Secret Access Key and Password screen

Deleting an AWS User

  • After the audit is done, it's important to delete the credentials to limit further access (optionally, you can choose to disable the keys and password instead, but this guide covers deleting the credentials). To do so, go back to the IAM user page here. Select the user you wish to delete and click Delete User. Click Yes on the ensuing confirmation box.
Send email with Sign-in URL to Audit Only User
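
The same create and delete lifecycle with the AWS CLI, as an added example that is not part of the original article. It assumes the CLI is configured with credentials allowed to manage IAM; the user name, the `purpose=audit` tag and the `AWS_CMD` override variable are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example: CLI equivalent of the console steps in this guide.
# AWS_CMD is a hypothetical override so a wrapper or stub can replace "aws".
AWS_CMD="${AWS_CMD:-aws}"
READONLY_ARN="arn:aws:iam::aws:policy/ReadOnlyAccess"   # AWS managed policy

# Create the audit user with console and programmatic access, read-only.
# $1 = user name, $2 = console password (take it from a password manager;
# it is passed on the command line, so keep it out of shell history).
# The last command prints the access key id and secret exactly once.
create_audit_user() {
    user="$1"; temp_password="$2"
    $AWS_CMD iam create-user --user-name "$user" \
        --tags Key=purpose,Value=audit &&
    $AWS_CMD iam attach-user-policy --user-name "$user" \
        --policy-arn "$READONLY_ARN" &&
    $AWS_CMD iam create-login-profile --user-name "$user" \
        --password "$temp_password" &&
    $AWS_CMD iam create-access-key --user-name "$user"
}

# Delete the audit user after the engagement. Unlike the console, the API
# rejects delete-user while access keys, a login profile or attached
# policies remain, so each item this guide created is removed first.
delete_audit_user() {
    user="$1"
    for key_id in $($AWS_CMD iam list-access-keys --user-name "$user" \
            --query 'AccessKeyMetadata[].AccessKeyId' --output text); do
        $AWS_CMD iam delete-access-key --user-name "$user" \
            --access-key-id "$key_id" || return 1
    done
    $AWS_CMD iam delete-login-profile --user-name "$user" || return 1
    $AWS_CMD iam detach-user-policy --user-name "$user" \
        --policy-arn "$READONLY_ARN" || return 1
    $AWS_CMD iam delete-user --user-name "$user"
}

# Usage (placeholder name):
#   create_audit_user audit-readonly "$PASSWORD"
#   delete_audit_user audit-readonly
```

If the user was later given MFA devices, group memberships or inline policies, those must also be removed before `delete-user` succeeds.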

And you’re done. Hope this article was informative and feel free to reach out or comment if you have any questions or feedback for this post.