env0 will assume an AWS IAM Role in your account, in order to query AWS's billing API.
Read more about cross account role delegation.

To begin, log in to your AWS Console, and select the Identity and Access Management (IAM) service.

Create an AWS IAM Policy

Create an AWS IAM Role

Click on Roles -> Create Role
Under type of trusted entity select Another AWS Account
Under Account ID enter 913128560467
Select **Require external ID**
Enter an External ID of your choosing - consider this like a password env0 will use in order to assume the role.
Click Next:Permissions
Select the policy you created in step 2.
Click Next:Tags
Add the Key env0_environment_id and the Key env0_project_id. Values are not needed.
Click Next:Review
Enter a name for the role, and click Create Role
Click on the Role you just created - We will need the Role ARN and the External ID in subsequent steps.

Go to the "Billing" Service (Billing & Cost Management). You'll need to log into to the parent account, if you are using sub-accounts.
Under the left side menu, click Cost allocation tags.
Under the User-Defined Cost Allocation Tags section, check the checkboxes for the tag-keys env0_environment_id and env0_project_id.
Click Activate
After this step, it can take up to 24 hours to see actual cost values in your environments.

Go to the "Billing" Service (Billing & Cost Management). You'll need to log into to the parent account, if you are using sub-accounts.
Under the left side menu, click Cost Explorer.
Click on the Launch Cost Explorer button.
In the Cost Explorer page on the left side menu click on Preferences.
Under the Hourly and Resource Level Data enable the Hourly and Resource Level Data checkbox and save the changes.

Under your Organization Settings, Select the Credentials tab
Under Cost Credentials, click Add Credential
Select the AWS Assumed Role type, and enter the Role ARN and External ID from the previous step.
Click Add