Applying an IAM Policy to a Cloud Access Role

IAM policies can be attached to cloud access roles on the project level or the OU level.

When an IAM policy is attached to a cloud access role on the project level, Kion will create an IAM role on all the AWS accounts attached to the project. It will then attach the IAM policy to the role it just created. If it's a policy that doesn't already exist in the AWS account, it will be created.

Once the IAM policy is attached, the user will have the permissions assigned to the IAM role when they use the Cloud Access menu to log into an AWS account. One or more IAM policies can be attached to a single cloud access role. The soft limit in AWS is 10 IAM policies per role, so you need to consolidate IAM policies if you would otherwise attach more than 10. Kion will throw an error if you attach more than 10 IAM policies to a single cloud access role.
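One way to do the consolidation mentioned above, as an added example (not Kion's or AWS's own code): it merges several policy documents into one, drops duplicate statements, and keeps Sids unique. The sample policies and the function name are constructed for illustration, and the size check uses compact JSON length as an approximation of the AWS 6,144-character managed policy limit.

```python
import json

MAX_POLICY_CHARS = 6144  # AWS managed policy size limit (approximated by compact JSON)


def consolidate(policies):
    """Merge IAM policy documents into one document carrying the same statements."""
    merged, seen, sids = [], set(), set()
    for doc in policies:
        if doc.get("Version") != "2012-10-17":
            raise ValueError("refusing to merge: policy Version is not 2012-10-17")
        stmts = doc["Statement"]
        if isinstance(stmts, dict):          # a single statement may be a bare object
            stmts = [stmts]
        for stmt in stmts:
            stmt = dict(stmt)                # copy so the input is not modified
            sid = stmt.pop("Sid", None)
            key = json.dumps(stmt, sort_keys=True)
            if key in seen:                  # identical statement already merged
                continue
            seen.add(key)
            if sid is not None:              # Sids must be unique within one policy
                base, n = sid, 1
                while sid in sids:
                    n += 1
                    sid = f"{base}{n}"
                sids.add(sid)
                stmt = {"Sid": sid, **stmt}
            merged.append(stmt)
    out = {"Version": "2012-10-17", "Statement": merged}
    size = len(json.dumps(out, separators=(",", ":")))
    if size > MAX_POLICY_CHARS:
        raise ValueError(f"consolidated policy is {size} chars, over {MAX_POLICY_CHARS}")
    return out


# Constructed sample policies (not from the page).
S3_READ = {"Effect": "Allow", "Action": "s3:GetObject",
           "Resource": "arn:aws:s3:::example-bucket/*"}
SAMPLE = [
    {"Version": "2012-10-17", "Statement": {"Sid": "Read", **S3_READ}},
    {"Version": "2012-10-17", "Statement": [
        {"Sid": "Read", "Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"},
        S3_READ]},                           # duplicate of the first policy's statement
    {"Version": "2012-10-17",
     "Statement": [{"Effect": "Deny", "Action": "iam:*", "Resource": "*"}]},
]

if __name__ == "__main__":
    print(json.dumps(consolidate(SAMPLE), indent=2))
```

Because IAM evaluates the statements of all policies attached to a role together, with an explicit Deny overriding any Allow, the merged document grants the same permissions as the separate policies. Review the output before attaching it, since a merge is also a good point to remove statements the role no longer needs.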

To learn how to apply an IAM policy to a cloud access role, see the Add a User Cloud Access Role article.