Cloud Account Access
User Access
User Role | Can Access |
---|---|
Administrator | |
Power User | |
Custom - Full Access | |
Read Only | |
Custom - Read Only | |
Access Settings
AWS
Location | Main Dashboard > Select {Account} > Settings > Access settings > Update access settings |
Conformity requires access to your AWS Account data to run rules and provide monitoring services.
Account access is initially granted when you Add Cloud Account, and can be modified for existing accounts.
- Change the mode of your account. The two modes are:
- Update the policy template on your account, which can be identified by the Cloud Conformity Custom Policy Version Rule. Cloud Conformity updates the policy template periodically. To update it:
- Check the status of your policy
- If the version of the template does not match the latest released template version, the Cloud Conformity Custom Policy Version Rule displays a failure.
- If Status = Failure, update access settings.
You can also view the Role ARN, which is a unique identifier for an IAM role created when you Add Cloud Account.
Azure
Location | Main Dashboard > Select {Group} > Settings > Edit Access Settings |
- Click on the Edit access settings... button
- Make the required updates and click on Update settings.
Microsoft Entra ID Settings
Once you have added a Microsoft Entra ID successfully to Conformity, you can configure Rules after your first Conformity Bot run.
You will need to grant Conformity permission to list Key Vault Attributes and Secrets in your Azure account so that certain rules can run successfully in the Conformity platform. For details, see Add Access Policy for Key Vault Attributes.
Errors
If Conformity is unable to access the AWS or Azure account due to issues such as a deleted IAM role, a deleted stack, or incorrect App registration credentials, you can view the errors under: