Cloud rules are collections of cloud-specific resources that can be applied to cloud accounts in a managed way. Cloud rules are applied hierarchically and inherited from parent OU to child OU to any projects below, or they can be applied to individual projects on their own.
Users can request exemptions for Cloud rules on specific projects and OUs. If a Cloud rule exemption request is approved on an OU, then all of the projects below the OU are also exempt from the Cloud rule. A Cloud rule can be re-applied at any time.
Cloud rules can apply the following resources to cloud accounts:
- AWS IAM Policies
- AWS CloudFormation Templates
- Shared AWS AMIs
- AWS Service Catalog Portfolios
- Azure Role Definitions
- Azure Policy Definitions
- Azure ARM Templates
- Compliance Standards