Upcoming webinar! Join us to see the latest in automated CloudOps with Kion v3.9 Register

Blog Automation & Orchestration Financial Management Release News

New in Release 3.6: New Cloud Access Roles and Expanded Financials for the High-Side

Emily Wayman

4 min read

Last updated on March 3rd, 2023 at 11:41am

This release is all about making Kion more versatile! We’ve added more cloud access roles, more API endpoints, more financial options, more custom branding. We want Kion to enable your cloud, not constrain it. We are excited to bring you these new features to help you customize to your heart’s content.

New Cloud Access Role Types

Building on our existing features for creating and managing AWS IAM roles via cloud access roles, we are adding new functionality to support cross-account roles, service-based access roles, and custom trust policies! As of this release, all functionality of AWS IAM setup is available through Kion as a part of cloud access roles.

AWS Custom Trust Policies for Cloud Access Roles

Custom trust policies enable you to customize cloud access roles even further. Set time limits, limit access to specific services, create restrictions based on an IP address or CIDR range, limit role use based on tags, and a whole lot more. We support all AWS trust policy options as cloud access roles. Unite all your human and non-human roles under Kion management without the need to federate into the AWS Management Console.

As an example, you could grant an auditor access to specific services and enforce the ingress IP address for their activities. Even when you need to grant outside access, you can enforce least privilege best practices.

For more information, see What is a Cloud Access Role?

AWS Cross-Account Cloud Access Roles

You can now create and manage AWS cross-account roles through Kion. We have created a new type of cloud access role: account cloud access roles. Account cloud access roles grant access to specific accounts, instead of to specific users. With this new role, you can stretch automation across accounts or easily federate from one account to another.

Using cross-account cloud access roles, you can:

  1. Establish trust between two AWS accounts.

  2. Define what actions trusted accounts can take.

  3. Define which users can use the cross-account role.

  4. Access one account from the other with temporary credentials.

For example, with cross-account roles, engineers in a development account can make updates to an S3 bucket in multiple pre-production accounts without needing to reauthenticate.

For more information, see What is a Cloud Access Role?

Service Cloud Access Roles

Service account cloud access roles grant access to AWS service principals. When you create this type of role, you select any number of AWS services to be granted access to assigned accounts.

For example, a Lambda may need access to production S3 buckets. Using service cloud access roles, you can grant just that specific Lambda access. This way, you can be sure it can reach necessary resources, and that no additional unwanted services are running in production.

For more information, see What is a Cloud Access Role?

AWS SC2S & C2S Financials

If you still use the AWS Detailed Billing Report (DBR) to analyze spend in SC2S and C2S, we’ve got good news for you. Even though the DBR was deprecated in AWS commercial regions, Kion can ingest the monthly DBR with Resources and Tags (DBR+RT), so AWS customers in high-side environments can take advantage of Kion for spend analysis and financial planning.

This capability empowers our commitment to federal agencies and partners, rounding-out all three pillars of cloud enablement for high-side AWS customers.

User Analytics

Pendo is a third-party product analytics platform that we are integrating into Kion in this release. We specifically use Pendo to collect user analytics for research and development. These analytics will be used for prioritizing new features, refining workflows, and finding sticking points.

The analytics we gather through Pendo will never include personally identifiable information (PII), user-entered text, or the information in form fields. We only use non-attributable string values to segment Kion users in distinct accounts, so all gathered data is properly obfuscated and secure.

If you cannot allow analytics gathering in your environment, we understand. Pendo can be disabled for your entire environment during the installation or update process by your system admin. However, disabling Pendo means that your data won’t be taken into consideration for research and development, and your users won’t receive future in-app guidance. (Don’t worry, there will still be help articles for everything.)

For more information, see our Data Collection Policy.

Kion and Pendo logos

That’s Not All! 

These are just the highlights! For details on all of our new features, changes, and bug fixes, read the full release notes on our Support Center. 

If you're new to Kion, welcome! You can schedule a free demo to learn more about our comprehensive cloud enablement software. You can also follow us on Twitter and LinkedIn for more cloud enablement news. 

About the Author

Emily Wayman

Emily is the technical writer at Kion.

Start your cloud operations journey.

Request a demo today,