Project Details


Project Details

Projects are the smallest unit of organization within Kion. They are where you attach your cloud accounts and apply your most specific permissions, enforcements, and policies.

Viewing the details pages for your projects gives you a view of your accounts, financials, access, policies, and compliance associated with each project.

To view project details:

  1. Navigate to Projects > All Projects.
  2. Click the project you would like to view.


This is an overview of this project. Here you can see the project's creation details, parent OU, lifespan, spend, activity feed, and any labels applied to it.

For information about applying labels to projects, see What is a Label?

The cloud access section lists any cloud access roles associated with this project. Selecting a role takes you directly to the cloud provider console. For more information, see What is a Cloud Access Role?

The resource inventory section shows the number of active resources associated with the project. Click View All OU Resources to view a pre-filtered list of the resources associated with the project. For more information, see Resource Inventory Overview.

The spending section summarizes the total spend of accounts attached to this project. The bar graph shows where your spending is in relation to the project's budget. For information on project budgets, see What is a Project Budget?

On the organization chart snapshot, you can see the project's position in your organization and its parent OUs.

The activity feed lists events involving the project.


The Accounts tab provides a list of all cloud accounts attached to the project. From here, you can view, edit, move, cache, or delete attached accounts. For more information, see Getting Started with Account Management.


The Financials tab shows information about the project spend, budgets, monthly spending, reserved instances, and spend reports. For more information, see Project Financial Details.

Savings Opportunities Tab

The Savings Opportunities tab shows a savings opportunity summary that is specific to this project. You can learn more about savings opportunity summaries in the Savings Opportunities Overview article. The terms and charts, and menus are the same in both locations, but while the overview's summary applies to all projects, the summary you see on a project's details page will only apply to that project.

Enforcements Tab

Here you can see any enforcements applied to this project. Financial enforcement actions are configurable remediation actions you can set to trigger when a spending limit is surpassed. You can also set enforcement actions at the service level within a project.

For information about enforcements, Project Financial Enforcements.

Cloud Management Tab

Cloud Rules

Cloud rules are collections of cloud-specific resources that can be applied to cloud accounts, such as policies, templates, and compliance standards. For information about creating, adding, and removing cloud rules on projects, see Managing Cloud Rules on Resources.

For information on cloud rule inheritance, see Cloud Rule Inheritance and Exemption.

Cloud Access Roles

Cloud access roles are used to log in to the AWS, Azure, or Google Cloud console. For information on managing cloud access roles on projects, see Managing Cloud Access Roles.

Any cloud access roles created on an OU will be available on all child projects below for the users that have access to the role. They also affect the inheritance of cloud rules. For information about how inheritance works with cloud access roles, see Cloud Access Role Inheritance and Exemption.

AWS Long-Term Access Keys

Access keys are long-term credentials for an IAM user or the AWS account root user. For more information, see Add an AWS Long-Term Access Key.

Shared AMIs

AMIs are used to create EC2 instances via a disk snapshot, which can be shared to AWS accounts. Once an AMI is shared with an AWS account, users of the AWS account will be able to launch an EC2 based on the AMI. For more information, see Add an AWS AMI to Kion.

Service Catalog Portfolios

AWS Service Catalog portfolios are a way to share AWS CloudFormation templates with other AWS accounts. For more information, see What is an AWS Service Catalog Portfolio?

Compliance Tab

The Compliance tab shows compliance measures relating to this project.

Compliance in Kion is made up of three pieces: compliance findings, compliance checks, and compliance standards.

  • Findings identify specific resources that are not compliant. Findings cannot exist without checks, because checks define what is and isn't compliant. A check questions if a resource is compliant, and a finding is the answer to that question.
  • Checks contain definitions for compliance that findings are based on.
  • Standards group together related checks to meet larger compliance goals, guidelines, or requirements.

For detailed information on the compliance summary, see Compliance Overview.

Users Tab

This tab shows a list of users and user groups who have access to the project. You can also see whether each user was granted access to this project locally, through inheritance, or through a global permission scheme.

Hover over each icon under Cloud Access Type to see if the user has cloud access via web access, short-term access keys, and/or long-term access keys.

For information about managing user permissions on projects, see Managing User Permissions on a Project.

Permissions Tab

Users can be granted permissions at various origin points. You can learn where each user was granted their permissions on this tab, which allows you to view origins by user or by permission.

Select a user, permission, and role to see the permission's origin. You can alternatively click the By Permission tab to select a permission, user, and role to see its origin.

For information about managing user permissions on projects, see Managing User Permissions on a Project.

Settings Tab

Use the Settings tab to configure in-app and email notification settings for this project.

When configuring notifications settings, keep in mind that these settings can be configured in multiple places. Resource level settings configured here override user and global configurations but not locked settings. Resource level settings are, however, user specific. Configurations made here will only apply to the user that configures them. For information about the precedence order for notification settings, see Email and Notifications.