Users
Users defined in this account. CloudLens needs a dedicated read-only IAM user.
| User name | Groups | Last activity | Created |
|---|---|---|---|
| demo-admin | — | Today | 2024-08-12 |
| deploy-bot | deployers | Yesterday | 2025-02-04 |
Specify user details
Step 1 of 3
The name can have up to 64 characters. Valid: A-Z, a-z, 0-9, and + = , . @ _ -
Console access
Provide user access to the AWS Management Console — optional
If you're not providing console access, CloudLens only needs programmatic credentials.
Set permissions
Step 2 of 3
Permissions options
Add user to group
Add user to an existing group, or create a new group.
Copy permissions
Copy all group memberships, attached managed policies, and inline policies from an existing user.
Attach policies directly
Attach a managed policy directly to a user. We recommend a custom inline policy for CloudLens.
Visual editor
JSON
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": [
"ce:GetCostAndUsage",
"ce:GetCostAndUsageWithResources",
"ce:GetDimensionValues",
"ce:GetCostForecast"
],
"Resource": "*"
}]
}
Review and create
Step 3 of 3
User details
| User name | CloudLensReadOnly |
| Console password type | None |
| Require password reset | Off |
Permissions summary
| Type | Inline policy |
| Name | CloudLensCostExplorerRead |
| Actions | ce:GetCostAndUsage, ce:GetCostAndUsageWithResources, ce:GetDimensionValues, ce:GetCostForecast |
| Resource | * |
Security credentials
No access keys yet. CloudLens needs an access key + secret to call the Cost Explorer API on this user's behalf.
| Access key ID | AKIA••••••••XYZ4 |
| Secret access key | ••••••••••••••••••••••••••••pQrS |
!
Final step: paste these into the CloudLens extension popup. CloudLens stores them locally in Chrome — they never reach our servers.
CloudLens
Connect your AWS account