Cloud Access Settings
Settings > System Settings > Application Settings > Cloud Access
Admin Audit
Admin audit analyzes your cloud accounts to identify access risks. When enabled, it provides a detailed daily report of principals with privileged access on the accounts within your projects and OUs.
Enabling administrator audit will deploy two CloudFormation templates responsible for analyzing access and creating reports. The stacks will be deployed to the account Kion is installed in and all managed accounts.
- Access Analyzer. Runs the audit.
- Report Generator. Compiles results into data files.
Once the required CloudFormation templates are deployed, you will be able to view users with IAM administrator access to your AWS accounts by OU or project.
- To view a count of your cloud administrators and a summary of recent changes, navigate to an OU or project and select Overview.
- To view a detailed report of your cloud administrators, navigate to an OU or project and select Cloud Management > Cloud Administrators.
For more information, see Admin Audit Overview.
The resources deployed by these CloudFormation templates will incur costs. Cost will vary based on the amount of accounts and IAM principles in your environment.
User Assignment on Cloud Access Roles
This option removes the option to assign individual users to cloud access roles. When viewing cloud access roles with this enabled, you no longer see a list of every user assigned to the role, only user groups. This is useful for preserving user privacy in multi-tenant environments.
This applies to existing and new cloud access roles throughout Kion.
If individual users are assigned to cloud access roles, they will be removed when this is enabled. Existing user group assignments will not be affected.