Feature Friday Automation & Orchestration

Feature Friday: Creating a Cloud Access Role (CAR)

John Hall

2 min read

Last updated on September 20th, 2023 at 10:25am

Identity and Access Management (IAM) is a crucial and complicated task for cloud environments of all sizes. It is vital to ensure that only the least needed level of access is granted to various roles and groups. This is made complicated by the varying levels of access needed by those groups as well as ad-hoc requests for exceptions. Many organizations lack visibility and control over their roles and permissions and don't have an easy way of managing their permission sets across their cloud environments. This is exactly the purpose of Cloud Access Roles (CARs). Cloud Access Roles are the powerful, easy-to-use vehicle for granting users the right type and level of access to the cloud service providers to accomplish their work.

Kion uses a hierarchical structure that includes the inheritance of many different roles, permissions, and objects for subsidiary organizational units (OUs) and projects inside Kion. Leveraging this capability, you can define CARs inside of higher-level OUs to have the CAR inherited and propagated to subsidiary OUs and projects, thus allowing you to disseminate and manage needed access across the entire organization quickly.

How to Create a Cloud Access Role

  1. Navigate to the project or OU where you would like the CAR defined.
  2. Select the "Cloud Management" heading.
  3. Select the "Cloud Access Roles" heading.
  4. Select "Add."
  5. Name the Cloud Access Role.
  6. Select the Access Type.
  7. Assign the Cloud Access Role to a User Group.
  8. Either create a new IAM role or manage an existing one for AWS, Azure, or Google Cloud.
  9. Select applicable IAM policies.
  10. Select "Create".

Once created, the CAR will be visible in the list. It will take about 15 seconds for the CAR to propagate throughout the cloud environment but once propagated, users will be able to immediately utilize the CAR as long as they have adequate permission to do so.

Simplifying Multi-Cloud IAM to Enable Faster, More Secure Innovation

Kion gives you the control and context you need to have confidence in your IAM configuration. This confidence, combined with the three pillars necessary for complete cloud control - automation & orchestration, financial management, and continuous compliance - in a single platform, helps you not only eliminate menial tasks but innovate faster in the cloud.

If you’d like to learn more about how Kion can help you to simplify your IAM, governance, and compliance in AWS, Azure, and Google Cloud, please get in contact with one of our experts.

Talk to an expert

About the Author

John Hall

John is a Customer Engineering Manager at Kion.

Start your cloud operations journey.

Request a demo today,