Cloud Account Access

User Access

User Role Can Access
Administrator
Power User
Custom - Full Access
Read Only
Custom - Read Only

Access Settings

AWS

Location

Main Dashboard > Select {Account} > Settings > Access settings > Update access settings

Conformity requires access to your AWS Account data to run rules and provide monitoring services.

Account access is initially granted when you Add Cloud Account, and can be modified for existing accounts.



  1. Change the mode of your account. The two modes are:

    1. Automated
    2. Manual
  2. Update the policy template on your account. Cloud Conformity updates the policy template periodically, and the template on your account can be identified by the Cloud Conformity Custom Policy Version Rule. To do so:

    1. Check the status of your policy
    2. If the version of the template does not match the latest released template version, the Cloud Conformity Custom Policy Version Rule displays a failure.
    3. If Status = Failure, update access settings

You can also view the Role ARN, which is a unique identifier for an IAM role created when you Add Cloud Account.

Azure

Location

Main Dashboard > Select {Group} > Settings > Edit Access Settings

  1. Click on the Edit access settings... button
  2. Make the required updates and click on Update settings.

Microsoft Entra ID Settings

Once you have added a Microsoft Entra ID successfully to Conformity, you can configure Rules after your first Conformity Bot run.

You need to grant Conformity permission to list Key Vault Attributes and Secrets in your Azure account so that certain rules can run successfully in the Conformity platform. For details, see Add Access Policy for Key Vault Attributes.

Errors

If Conformity is unable to access the AWS or Azure account because of issues such as a deleted IAM Role, a deleted stack, or incorrect App registration credentials, you can view the errors under:

  1. Cloud Account Settings
  2. Access Settings