Blog Continuous Compliance Cloud Enablement Release News
Last updated on February 1st, 2023 at 3:03pm
In this release, we focused on answering questions. What do you have? Who can use it? How can you start using it faster? While these are constant questions when it comes to cloud enablement, our newest features take big steps towards answering them.
What is in Your Environment?
It is essential to know what resources exist within your environment to meet financial, security, compliance, and operational requirements. Use the resource inventory to view, filter, and search for resources across your cloud accounts.
You can keep an eye on resource totals and status at a high level, and, if you notice something you need to address, you can quickly drill down to specific resources. Clicking on the name of any resource shows its status, associated projects, account numbers, spend data, savings opportunities, and compliance findings. You can also see the tags associated with the resource. We pull tags straight from the cloud provider, so you can see every tag on the resource in one view, or you can use them to search and filter your inventory to find related resources.
Any supported resources associated with accounts in Kion are automatically pulled into the resource inventory once this feature is enabled. In this release, we have included support for many common AWS and Azure resources.
For more information, see our article Resource Inventory Overview.
How Can You Control Access?
Google Cloud Preventative Roles
Kion uniquely offers the option to deny permissions on Google Cloud IAM roles. In Google Cloud, IAM permissions can be granted by IAM roles, but there is no way to deny permissions. We bridge this gap by enabling you to add denied permissions to IAM roles managed in Kion. You can deny specific permissions, or use wildcards to deny groups of permissions. Denials on IAM roles are inherited by descendant resources, enabling organization- and department -wide protections.
For example, if you want to ensure no one in your organization uses a specific service that is not approved by your security team, you can create an IAM role to block permissions to that service using a wildcard and apply the role to a top-level cloud access role. All permissions for that service would then be denied on all descendant projects.
For more information, see our article Preventative Google Cloud IAM Roles.
Cloud Access Role Restrictions for Azure
This new functionality allows you to specify which resource groups can use a cloud access role when creating or editing the role. Multiple subscription/resource group combinations can be added to a single role, enabling granular configuration.
As usual, resource groups specified in this way can be accessed from the Cloud Access dropdowns throughout Kion. This means that you can set up cloud access roles that perfectly suit different functional positions in your organization, without changes to how users federate into accounts. You can grant one user access to an entire subscription and another user access to only a couple resource groups within that subscription, but they continue accessing accounts the same way as they always have. Configuring access this way supports the principle of least privilege, without requiring you to change processes.
For more information, see the Azure section of our article Add a Cloud Access Role.
How Can You Get to Your Resources Faster?
Add Spend Plans After Project Creation
A spend plan is the combination of funding sources, specific funding amounts, and start/end dates that determine the budget of a project. In this release, we have added the ability to add spend plans to existing projects, instead of requiring them to be added during project creation. This allows for more flexibility when setting up and managing your organization.
Not only does this change enable you to begin setting up projects, policies, and access control before financials are in place, it also makes it easier to reorganize OU and project hierarchies after funds have started to flow through the system.
If you still want to require spend plans during project creation, there is an option in the system settings that makes them non-optional. Choose the process that works best for your workflow!
For more information, see our article Add a Spend Plan to an Existing Project.
That’s Not All!
These are just the highlights! For details on all of our new features, changes, and bug fixes, visit our Support Center.
If you're new to Kion, welcome! You can schedule a free demo to learn more about our comprehensive cloud enablement software. You can also follow us on Twitter and LinkedIn for more cloud enablement news.