OU Details


OU Details

OUs are building blocks that act as containers for projects or other OUs and allow you to build out a hierarchy that reflects your company’s organizational structure in the cloud.

Viewing the details pages for your OU gives you a holistic view of your organization's hierarchy, financials, access, policies, and compliance.

To view OU details:

  1. Navigate to OUs > All OUs.
  2. Click the OU you would like to view.

Overview Tab

This is an overview of this OU. Here you can see the OU's creation details, position in the organization chart, activity feed, and any labels applied to it.

For information about applying labels to OUs, see What is a Label?

The Resource Inventory section shows the number of active resources associated with the OU. Click View All OU Resources to view a pre-filtered list of the resources associated with the OU's descendant projects. For more information, see Resource Inventory Overview.

On the organization chart snapshot, you can see the OU's position in your organization and its parent OUs.

The activity feed lists events involving the OU.

Financials Tab

The Financials tab shows information about OU spending, funding source usage, OU financial thresholds, reserved instances, and spend reports. For more information, see OU Financial Details.

Enforcements Tab

Here you can see any enforcements applied to this OU. Financial enforcement actions are configurable remediation actions you can set to trigger when a spending limit is surpassed. You can also set enforcement actions at the service level within an OU.

For information about enforcements, see OU Financial Enforcements.

Users Tab

This tab shows a list of users and user groups who have access to the OU. You can also see whether each user was granted access to this OU locally, through inheritance, or through a global permission scheme.

For information about managing user permissions on OUs, see Managing User Permissions on an OU.

Permissions Tab

Users can be granted permissions at various origin points. You can learn where each user was granted their permissions on this tab, which allows you to view origins by user or by permission.

Select a user, permission, and role to see the permission's origin. You can alternatively click the By Permission tab to select a permission, user, and role to see its origin.

For information about managing user permissions on OUs, see Managing User Permissions on an OU.

Cloud Management Tab

The Cloud Management tab provides access to cloud rules and cloud access roles.

Cloud Rules

Cloud rules are collections of cloud-specific resources that can be applied to cloud accounts, such as policies, templates, and compliance standards. For information about creating, adding, and removing cloud rules on OUs, see Managing Cloud Rules on Resources.

For information on cloud rule inheritance, see Cloud Rule Inheritance and Exemption.

Cloud Access Roles

Cloud access roles are used to log in to the AWS, Azure, or Google Cloud console. For information on managing cloud access roles on OUs, see Managing Cloud Access Roles.

Any cloud access roles created on an OU will be available on all child projects below for the users that have access to the role. They also affect the inheritance of cloud rules. For information about how inheritance works with cloud access roles, see Cloud Access Role Inheritance and Exemption.

Compliance Tab

The Compliance tab shows compliance measures relating to this OU.

Compliance in Kion is made up of three pieces: compliance findings, compliance checks, and compliance standards.

  • Findings identify specific resources that are not compliant. Findings cannot exist without checks, because checks define what is and isn't compliant. A check questions if a resource is compliant, and a finding is the answer to that question.
  • Checks contain definitions for compliance that findings are based on.
  • Standards group together related checks to meet larger compliance goals, guidelines, or requirements.

For detailed information on the compliance summary, see Compliance Overview.

Settings Tab

Use the Settings tab to configure in-app and email notification settings for this OU.

When configuring notifications settings, keep in mind that these settings can be configured in multiple places. Resource level settings configured here override user and global configurations but not locked settings. Resource level settings are, however, user specific. Configurations made here will only apply to the user that configures them. For information about the precedence order for notification settings, see Email and Notifications.