Feature Friday Automation & Orchestration

Feature Friday: Creating a Cloud Access Role (CAR)

John Hall

2 min read

Last updated on September 20th, 2023 at 10:25am

Identity and Access Management (IAM) is a crucial and complicated task for cloud environments of all sizes. It is vital to ensure that only the least needed level of access is granted to various roles and groups. This is made complicated by the varying levels of access needed by those groups as well as ad-hoc requests for exceptions. Many organizations lack visibility and control over their roles and permissions and don't have an easy way of managing their permission sets across their cloud environments. This is exactly the purpose of Cloud Access Roles (CARs). Cloud Access Roles are the powerful, easy-to-use vehicle for granting users the right type and level of access to the cloud service providers to accomplish their work.

Kion uses a hierarchical structure that includes the inheritance of many different roles, permissions, and objects for subsidiary organizational units (OUs) and projects inside Kion. Leveraging this capability, you can define CARs inside of higher-level OUs to have the CAR inherited and propagated to subsidiary OUs and projects, thus allowing you to disseminate and manage needed access across the entire organization quickly.

How to Create a Cloud Access Role

  1. Navigate to the project or OU where you would like the CAR defined.
  2. Select the "Cloud Management" heading.
  3. Select the "Cloud Access Roles" heading.
  4. Select "Add."
  5. Name the Cloud Access Role.
  6. Select the Access Type.
  7. Assign the Cloud Access Role to a User Group.
  8. Either create a new IAM role or manage an existing one for AWS, Azure, or Google Cloud.
  9. Select applicable IAM policies.
  10. Select "Create".

Once created, the CAR will be visible in the list. It will take about 15 seconds for the CAR to propagate throughout the cloud environment but once propagated, users will be able to immediately utilize the CAR as long as they have adequate permission to do so.

Simplifying Multi-Cloud IAM to Enable Faster, More Secure Innovation

Kion gives you the control and context you need to have confidence in your IAM configuration. This confidence, combined with the three pillars necessary for complete cloud control - automation & orchestration, financial management, and continuous compliance - in a single platform, helps you not only eliminate menial tasks but innovate faster in the cloud.

If you’d like to learn more about how Kion can help you to simplify your IAM, governance, and compliance in AWS, Azure, and Google Cloud, please get in contact with one of our experts.

Talk to an expert

About the Author

John Hall

John is a Customer Engineering Manager at Kion.

Related Resources

White Paper Automation & Orchestration Continuous Compliance Financial Management

A Guide to Achieving Results Across the Complete Cloud Lifecycle

Learn the components of complete cloud lifecycle management and how Kion helps organizations scale and see success across cloud environments.


1 min read

Feature Friday Automation & Orchestration Continuous Compliance

Feature Friday: Creating a New Role with Project Permissions

Learn how to create project-specific roles in Kion to enable you to grant precise access to users based on their roles and project requirements.

David Haller  | 
2 min read

Blog Automation & Orchestration Continuous Compliance Financial Management Release News

New in Release 3.8: Multi-Cloud Financial, Compliance, and Provisioning Enhancements

We introduce enhancements to the way you can view and manage cloud spend, as well as improvements to compliance management, Azure subscription creation, spend reports, resource inventory, and more!

Emily Wayman  | 
3 min read

Start your cloud operations journey.

Request a demo today,

Request Demo