Managing Cloud Access Roles
Cloud access roles (CARs) provide console access for your AWS, Azure, and Google Cloud accounts.
To create a new cloud access role, see Add a User Cloud Access Role.
To view which cloud access roles are applied on an OU or project:
- Click the name of the project or OU you wish to view in the project/OU list to access its details page.
- On the project/OU details page, click the Cloud Management tab.
- Click on the Cloud Access Roles sub-tab.
When you are on the Cloud Access Roles tab, you can click the name of a cloud access role to view its details, including the name, access type, AWS IAM role name, origin, and any objects associated with it.
For cloud access roles that federate into Google Cloud accounts, you can see which permissions the role allows or denies: click the ellipsis menu next to the role and select View Permissions. This lists all permissions applied or denied by the role, including those inherited from parent resources.
Editing Cloud Access Roles
Cloud access roles can only be edited from the resource they were created on.
An easy way to get to the correct location to edit a cloud access role: on the Cloud Management > Cloud Access Roles tab of a project or OU, under the cloud access role name, click the name of the OU the role was inherited from.
Once you have navigated to the resource where the cloud access role was created, click the ellipsis icon next to the role you would like to edit and select Edit. Here you can change the access type, users, AWS settings, Azure settings, and Google Cloud settings on the role. The cloud access role will be updated everywhere it is applied.
Additional Configuration Options
These options affect how budgets work, but are not configured on the cloud access roles themselves. These are configured in the system settings.
Limit cloud access role assignments to user groups only
This setting removes the ability to assign individual users to cloud access roles. When viewing cloud access roles with this setting enabled, you no longer see a list of every user assigned to the role, only user groups. For more information, see Cloud Access Settings.