Kion · Schema
Kion Cloud Access Role
A cloud access role defines access permissions for users and groups to cloud accounts at the OU or project level, supporting AWS, Azure, and GCP IAM policies.
Cloud OperationsComplianceCostsFinOpsGovernanceSpend
Properties
| Name | Type | Description |
|---|---|---|
| id | integer | Internal Kion cloud access role ID. |
| name | string | Cloud access role name. |
| aws_iam_role_name | string | AWS IAM role name. |
| web_access | boolean | Whether web console access is enabled. |
| short_term_access_keys | boolean | Whether short-term access keys are enabled. |
| long_term_access_keys | boolean | Whether long-term access keys are enabled. |
| aws_iam_policies | array | AWS IAM policy IDs attached to the role. |
| azure_role_definitions | array | Azure role definition IDs attached to the role. |
| gcp_iam_roles | array | GCP IAM role IDs attached to the role. |
| users | array | User IDs assigned to the role. |
| user_groups | array | User group IDs assigned to the role. |
| accounts | array | Account IDs the role applies to. |
| labels | object | Labels associated with the cloud access role. |
| created_at | string | Timestamp when the cloud access role was created. |
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://github.com/api-evangelist/kion/blob/main/json-schema/cloud-access-role.json",
"title": "Kion Cloud Access Role",
"description": "A cloud access role defines access permissions for users and groups to cloud accounts at the OU or project level, supporting AWS, Azure, and GCP IAM policies.",
"type": "object",
"properties": {
"id": {
"type": "integer",
"description": "Internal Kion cloud access role ID."
},
"name": {
"type": "string",
"description": "Cloud access role name."
},
"aws_iam_role_name": {
"type": "string",
"description": "AWS IAM role name."
},
"web_access": {
"type": "boolean",
"description": "Whether web console access is enabled."
},
"short_term_access_keys": {
"type": "boolean",
"description": "Whether short-term access keys are enabled."
},
"long_term_access_keys": {
"type": "boolean",
"description": "Whether long-term access keys are enabled."
},
"aws_iam_policies": {
"type": "array",
"items": { "type": "integer" },
"description": "AWS IAM policy IDs attached to the role."
},
"azure_role_definitions": {
"type": "array",
"items": { "type": "integer" },
"description": "Azure role definition IDs attached to the role."
},
"gcp_iam_roles": {
"type": "array",
"items": { "type": "integer" },
"description": "GCP IAM role IDs attached to the role."
},
"users": {
"type": "array",
"items": { "type": "integer" },
"description": "User IDs assigned to the role."
},
"user_groups": {
"type": "array",
"items": { "type": "integer" },
"description": "User group IDs assigned to the role."
},
"accounts": {
"type": "array",
"items": { "type": "integer" },
"description": "Account IDs the role applies to."
},
"labels": {
"type": "object",
"additionalProperties": {
"type": "string"
},
"description": "Labels associated with the cloud access role."
},
"created_at": {
"type": "string",
"format": "date-time",
"description": "Timestamp when the cloud access role was created."
}
},
"required": ["name"]
}