Blog Automation & Orchestration AWS

How Complements AWS: Account Management and Permissions

Marianna Noll

2 min read

Last updated on February 4th, 2023 at 2:40pm

We often get questions about how compares to or differs from capabilities provided by public cloud providers. In this blog series, we're looking at how complements and extends native AWS functionality.

In our second post, we're covering account management and permission functionality, including AWS Organizations, AWS Identify and Access Management, and AWS Service Control Policies.

If you missed our first post, catch up here with setup and provisioning.

AWS Organizations

Working With

AWS Organizations helps to group accounts together and apply policies to restrict AWS services based on the grouping.

In commercial AWS regions, leverages AWS Organizations to programmatically create new AWS accounts.

Building On helps you reduce manual labor, scale growth, and see value by:

  • Providing an easy-to-use, hierarchical account management interface across commercial and GovCloud regions that matches your familiar and unique organizational model.
  • Augmenting AWS Organizations’ support for Service Control Policies with support for IAM policies – all bundled within Cloud Rules for easy inheritance across the hierarchy.
  • Supporting multiple payer accounts, allowing companies or resellers with multiple groups paying monthly invoices to get a single view of their cloud presence.

AWS Identify and Access Management (IAM) and Service Control Policies (SCPs)

Working With

AWS Identity and Access Management (IAM) enables customers to create and manage AWS users and groups and use permissions to allow and deny their access to AWS resources.

AWS Service Control Policies (SCPs) determine what services and actions can be delegated by administrators to the users and roles in accounts. SCPs do not grant any permissions. Cloud Rules bundle multiple AWS services, including IAM policies, into a single entity for ease of use. SCPs can be used to restrict services that cannot be used by even administrators, while manages permissions at specific role levels across one or more accounts.

Building On reduces manual labor and minimizes risk and errors by:

  • Providing customer-specific hierarchical management and application of IAM policies using a tree structure, while keeping policies in sync across your organization.
  • Simplifying end user access by federating authenticated users into IAM roles, reducing the number of IAM user accounts required.
  • Restricting services and configurations at a granular level based on specific conditions such as only using specific AWS regions to satisfy compliance standards.
  • Providing a way to request exemptions against policies so only specific roles can gain access to services.

In the final post in our series, we’ll look at how complements AWS native capabilities around billing and cost management.

About the Author

Marianna Noll

Marianna is the Senior Director of Marketing at Kion.

Start your cloud operations journey.

Request a demo today,