Merge pull request #370 from jdno/remove-billing-access

Remove billing access from legacy account
rust-lang · Dec 6, 2023 · bd836ba · bd836ba
2 parents 5dcf7bf + e1ba660
commit bd836ba
Showing 1 changed file with 0 additions and 25 deletions.
diff --git a/terraform/team-members-access/foundation.tf b/terraform/team-members-access/foundation.tf
@@ -46,31 +46,6 @@ resource "aws_iam_group_policy" "foundation" {
         Action   = ["support:*"]
         Resource = "*"
       },
-      // Billing-related resources
-      {
-        Effect = "Allow"
-        Action = [
-          "aws-portal:*Usage",
-          "aws-portal:*Billing",
-          "aws-portal:*PaymentMethods",
-          "ce:*",
-          "purchase-orders:*",
-          "tax:*",
-          "cur:DescribeReportDefinitions",
-          "cur:PutReportDefinition",
-          "cur:DeleteReportDefinition",
-          "cur:ModifyReportDefinition"
-        ]
-        Resource = "*"
-      },
-      // But not account settings
-      {
-        Effect = "Deny"
-        Action = [
-          "aws-portal:*Account",
-        ]
-        Resource = "*"
-      },
       // Access to the Route 53 console
       {
         Effect = "Allow"