5-10 min setup

Connect AWS to StackSpend

Track AWS costs across all your accounts using AWS Cost Explorer API. Supports single accounts and AWS Organizations multi-account setups.

StackSpend connects to AWS via the Cost Explorer API using a read-only IAM role. Supports single accounts and AWS Organizations multi-account setups. Get daily visibility, 90 days of history, anomaly detection, and spend forecasting. Setup takes 5-10 minutes.

Prerequisites

  • An AWS account with billing enabled
  • Access to AWS Console with IAM permissions
  • Cost Explorer API access (enabled by default)

AWS Organizations Multi-Account Setup

If you have multiple AWS accounts managed through AWS Organizations, you can use a single set of credentials from your management account to track costs across all member accounts.

  • Only one IAM user/role needed (in management account)
  • Automatic detection of all linked accounts
  • Costs automatically grouped by account ID

Important: You must use credentials from the AWS Organizations management (payer) account, not member accounts. Also enable "Linked Account Access" in Cost Explorer preferences.

Step 1

Create an IAM User

StackSpend needs read-only access to AWS Cost Explorer API. We'll create a dedicated IAM user with minimal permissions.

  1. 1Sign in to the AWS Console
  2. 2Navigate to IAMUsersAdd users
  3. 3Enter a username (e.g., stackspend-cost-reader)
  4. 4Select "Attach policies directly"
  5. 5Search for and select AWSBillingReadOnlyAccess
  6. 6Click Next and complete user creation

Note: The AWSBillingReadOnlyAccess managed policy provides read-only access to Cost Explorer API and billing information. It includes all permissions needed for StackSpend to fetch cost data.

Step 2

Create Access Keys

Generate Access Key ID and Secret Access Key for programmatic access.

  1. 1Click into the newly created user
  2. 2Select Security credentials tab
  3. 3Click Create access key and choose "Application running outside AWS"
  4. 4Click Create access key
  5. 5Important: Copy both the Access Key ID and Secret Access Key immediately. You won't be able to see the secret key again after closing this dialog.
Step 3

Enable Billing Access

AWS requires explicit permission for IAM users to access billing data.

  1. 1Go to AWS ConsoleAccount Settings (top right) → Billing
  2. 2Enable "IAM User and Role Access to Billing Information"
  3. 3Without this, even with correct policies, IAM users cannot access billing data
Step 4 (Multi-Account Only)

Enable Linked Account Access

If you're using AWS Organizations, enable this to see costs from all member accounts.

  1. 1Go to AWS Billing ConsoleCost ExplorerPreferences
  2. 2Enable "Linked Account Access"
  3. 3This allows the management account to see costs from all member accounts
Step 5

Connect in StackSpend

Enter your credentials in StackSpend and test the connection.

  1. 1Go to SettingsProviders in your StackSpend dashboard
  2. 2Click Add Provider
  3. 3Select AWS
  4. 4Enter your credentials:
    • Access Key ID: Paste your Access Key ID
    • Secret Access Key: Paste your Secret Access Key
    • Region: Select a region (defaults to us-east-1)
    • Account ID: (Optional) Your 12-digit AWS account ID
  5. 5Click Test Connection to verify your credentials
  6. 6Once the test succeeds, click Connect

After Connecting

Once AWS is connected, StackSpend begins syncing historical cost data. The first sync typically takes a few minutes depending on the size of your billing history.

  • Costs sync automatically every 6 hours
  • You can trigger a manual sync from the provider settings page
  • View your AWS costs in the Dashboard alongside other providers
  • Set up budgets and alerts for AWS spending

Troubleshooting

"Invalid credentials" Error

  • Verify your Access Key ID and Secret Access Key are correct
  • Ensure you copied the complete keys (no extra spaces)
  • Check that the IAM user still exists and is active

"Insufficient permissions" Error

  • Verify the IAM user has the AWSBillingReadOnlyAccess policy attached
  • Wait a few minutes after attaching policies for changes to propagate
  • Verify that "IAM User and Role Access to Billing Information" is enabled in Account Settings

"No cost data found" Message

  • AWS Cost Explorer has a 24-hour delay - recent costs won't appear immediately
  • Ensure you're querying a date range that's at least 24 hours old
  • Verify you have actual AWS usage/costs in the selected date range

Important Notes

  • 24-hour delay: Cost data is available ~24 hours after it's incurred
  • 12-month lookback: Can only query costs from the last 12 months
  • Rate limits: Default quota of 100 requests per hour per account
  • Regional: Cost Explorer API is only available in us-east-1 region

Related reading

Additional Resources

Know where your cloud and AI spend stands — every day, starting today.

Sign up
Connect AWS to StackSpend — Step-by-Step Guide