A cloud access role gives a user the ability to log in to the AWS or Azure console. It represents an AWS IAM role or Azure role definition that is created in an AWS/Azure account. That role has a trust policy that allows cloudtamer.io to provide the user with access to the console. IAM policies, permissions boundaries, and Azure role definitions can be attached directly to the cloud access role from cloudtamer.io when it is created. IAM policies and Azure role definitions can also be inherited from cloud rules that are attached to the project or any parent OUs.
Cloud access roles are actively managed by cloudtamer.io. If any changes are made to the IAM roles or Azure role definitions outside of cloudtamer.io, the changes are reverted automatically.
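The trust policy on the AWS side decides who can assume a cloud access role, so it is a useful thing to audit independently. The following is an added example, not cloudtamer.io code and not from the original page: it reports any principal in a role trust policy other than the one expected to assume it. The expected principal ARN and the sample policy documents are constructed placeholders, and the assumption that a single known IAM principal assumes the role is not stated on this page.

```python
import json

# Constructed placeholder, not a value from the page: the single IAM principal
# your cloudtamer.io installation uses to assume cloud access roles.
EXPECTED_PRINCIPAL = "arn:aws:iam::111111111111:role/EXAMPLE-access-broker"

def _as_list(value):
    """IAM allows a scalar wherever a list is accepted; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, expected=EXPECTED_PRINCIPAL):
    """Return findings for a role trust policy; an empty list means only `expected` is trusted."""
    doc = json.loads(policy) if isinstance(policy, str) else policy
    findings, expected_seen = [], False
    for i, stmt in enumerate(_as_list(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot widen who may assume the role
        if "NotPrincipal" in stmt:
            findings.append(f"statement {i}: Allow with NotPrincipal trusts every other principal")
            continue
        principal = stmt.get("Principal", {})
        if isinstance(principal, str):  # the only valid string form is "*"
            principal = {"*": principal}
        for kind, values in principal.items():
            for value in _as_list(values):
                if value == "*":
                    findings.append(f"statement {i}: wildcard principal")
                elif kind == "AWS" and value == expected:
                    expected_seen = True
                else:
                    findings.append(f"statement {i}: unexpected {kind} principal {value}")
    if not expected_seen:
        findings.append("expected principal is not trusted by this role")
    return findings

# Constructed sample documents (not exported from a real account).
MANAGED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": EXPECTED_PRINCIPAL}}]}
WIDENED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sts:AssumeRole",
     "Principal": {"AWS": [EXPECTED_PRINCIPAL, "arn:aws:iam::222222222222:root"]}}]}
WILDCARD = json.dumps({"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "sts:AssumeRole", "Principal": "*"}})

if __name__ == "__main__":
    for name, doc in [("managed", MANAGED), ("widened", WIDENED), ("wildcard", WILDCARD)]:
        print(name, audit_trust_policy(doc) or "ok")
```

The function accepts either the parsed document or its JSON string, so it can be fed the trust policy however your tooling retrieves it.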
Any cloud access roles created on an OU are available on all child projects beneath it to the users who have access to the role. A good use for these roles is for System Administrators, Network Engineers, or Billing Managers who need access to the same services in every AWS/Azure account.