Access Control Policies Best Practices
    • 10 Sep 2024

    Article summary

    An Access Control Policy is used by a cloud provider to limit the resources that can be provisioned within the cloud environment. This avoids additional cloud costs by preventing users from creating resources that are not relevant to the content or are outside the scope of the lab.

    What Are Access Control Policies?

    Access Control Policy is a Skillable Studio platform term. Natively, these policies have different names depending on the cloud provider you are authoring for, as shown in the table below:

    Cloud Platform         Policy Type
    Microsoft Azure        Azure Policies
    Amazon Web Services    IAM Managed Identity-Based Policies

    Why Do I Need an Access Control Policy?

    The primary purposes of Access Control Policies are:

    • To prevent malicious users from abusing a lab for personal gain.

    • To prevent additional charges from being incurred by blocking users from creating items of a higher-cost SKU than needed.

    • To help users stay within the goals of a lab by blocking them from unneeded resources.

    Frequently Asked Questions

    Will an Access Control Policy block my lab resource templates from deploying?

    This depends on a couple of variables, such as what your policy is blocking and the options selected on your lab profile in Skillable Studio. Below are the two deployment scenarios and how they interact with your policy:

    • Deployment Method 1: Resources deploy before the user is in the lab.

      • This is the default and most common deployment method.

      • With these deployments Access Control Policies are not applied until after all resources are deployed, and therefore will not impact your deployment at all.

    • Deployment Method 2: Resources deploy in the background while the user can interact with the lab.

      • This deployment method is less common and is accomplished by selecting the "Deploy in Background" option on a resource template from the lab profile.

      • With these deployments the policies will be in place while resources are deploying, so you will need to ensure there are exceptions within your policy for any resources the template is deploying.
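An added example (not Skillable's or Microsoft's code) of the pre-check the "Deploy in Background" case calls for: it evaluates a constructed Azure Policy rule against a constructed ARM template fragment and lists the resources a deny effect would reject. It is a simplified evaluator that assumes the rule uses only allOf/anyOf/not with equals/in on the type field and the VM size alias; all resource names and values are sample assumptions.

```python
# Constructed sample rule (Azure Policy if/then shape): allowed types + VM sizes.
POLICY_RULE = {
    "if": {"anyOf": [
        {"not": {"field": "type", "in": [
            "Microsoft.Compute/virtualMachines",
            "Microsoft.Network/virtualNetworks"]}},
        {"allOf": [
            {"field": "type", "equals": "Microsoft.Compute/virtualMachines"},
            {"not": {"field": "Microsoft.Compute/virtualMachines/sku.name",
                     "in": ["Standard_B1s", "Standard_B2s"]}}]},
    ]},
    "then": {"effect": "deny"},
}

# Constructed ARM template fragment (only the fields this check reads).
TEMPLATE = {"resources": [
    {"type": "Microsoft.Network/virtualNetworks", "name": "lab-vnet"},
    {"type": "Microsoft.Compute/virtualMachines", "name": "lab-vm",
     "properties": {"hardwareProfile": {"vmSize": "Standard_D4s_v3"}}},
    {"type": "Microsoft.Storage/storageAccounts", "name": "labstore"},
]}

def field_value(res, field):
    # Simplification: only "type" and the VM size alias are resolved.
    if field == "type":
        return res.get("type", "")
    if field == "Microsoft.Compute/virtualMachines/sku.name":
        return res.get("properties", {}).get("hardwareProfile", {}).get("vmSize", "")
    raise ValueError(f"unsupported field: {field}")

def matches(cond, res):
    if "allOf" in cond:
        return all(matches(c, res) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(matches(c, res) for c in cond["anyOf"])
    if "not" in cond:
        return not matches(cond["not"], res)
    value = field_value(res, cond["field"]).lower()  # equals/in ignore case
    if "equals" in cond:
        return value == cond["equals"].lower()
    if "in" in cond:
        return value in [v.lower() for v in cond["in"]]
    raise ValueError(f"unsupported condition: {cond}")

def blocked_resources(rule, template):
    # Resources a deny rule would reject while "Deploy in Background" runs.
    deny = rule["then"]["effect"].lower() == "deny"
    return [r["name"] for r in template["resources"] if deny and matches(rule["if"], r)]
print(blocked_resources(POLICY_RULE, TEMPLATE))
```

Any name the check returns needs either an exception in the policy or a change in the template before the lab is published with background deployment.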

    Are there sample policies available somewhere?

    Yes! See the table below for samples for each of the cloud providers:

    Cloud Platform         Skillable Sample           Official Samples
    Microsoft Azure        Skillable Azure Samples    Microsoft Docs
    Amazon Web Services    Skillable AWS Samples      AWS Docs

    How do I know what conditions or fields I can use when I am creating a policy from scratch?

    This will vary based on the cloud platform you are working with as noted below:

    Microsoft Azure

    Microsoft policies utilize a JSON definition. Very thorough documentation on this is available here.

    Amazon Web Services

    Amazon supplies a full graphical user interface (GUI) called the "Visual Editor" to make policy creation simple without requiring knowledge of code formats like JSON. Instructions for using the visual editor can be found here.

    Can I use JSON instead of using the AWS visual editor?

    Yes, you can. Amazon also supplies documentation on the overall policy structure, available here, and deeper information about specific policy elements here.
