Managing Cloud Access Roles
Cloud access roles (CARs) provide console access for your AWS, Azure, and Google Cloud accounts.
To create a new cloud access role, see Add a Cloud Access Role.
To view which cloud access roles are applied on an OU or project:
- Click the name of the project or OU you wish to view in the project/OU list to access its details page.
- On the project/OU details page, click on the Cloud Management.
- Click on the Cloud Access Roles sub-tab. A list of cloud access roles for the project/OU will be displayed. From this screen, you can view the details page for a role, add a new role, use a role to federate in to a cloud provider console, and edit locally applied roles.
When you are on the Cloud Access Roles tab, you can click the name of a cloud access role to view its details, including the name, access type, AWS IAM role name, origin, and any objects associated with it.
Editing Cloud Access Roles
Cloud access roles can only be edited from the resource they were created on.
An easy way to get to the correct location to edit a cloud access rule is, on the Cloud Management > Cloud Access Roles tab of a project or OU, under the cloud access role name, click the OU name the role was inherited from.
Once you have navigated to the resource where the cloud access role was created, click the ellipsis icon next to the role you would like to edit and select Edit. Here you can change the access type, users, AWS settings, Azure settings, and Google Cloud settings on the role. The cloud access role will be updated everywhere it is applied.