Kion - Cloud Operations Platform (Container)

Kion automates CloudOps with a single platform providing policy-based identity, FinOps, and compliance for multicloud infrastructure. Kion helps organizations achieve governance by default through improved visibility, automation, guardrails, and guidance across AWS, Azure, GCP, and OCI environments. This helps enterprises reduce complexity, eliminate chaos, and minimize manual work so they can innovate faster with less risk.

About

Wherever they are on their cloud journey, Kion empowers organizations to confidently provision accounts, maintain financial control, and ensure compliance with security regulations. Kion serves leading commercial, higher education, and government agencies including Indeed, Verizon, NASA, and the Centers for Disease Control and Prevention (CDC).

For enterprise pricing, contact our team at info@kion.io.

Kion - Privileged Access Requirements

Kion is a cloud governance and management platform that requires privileged access to AWS accounts to provide comprehensive cloud resource management, compliance monitoring, and automated governance. The platform creates and manages cloud resources across multiple AWS accounts on behalf of organizations, which necessitates elevated permissions for proper operation.

| IAM Resource | Purpose | Security Justification |
|--------------|---------|------------------------|
| TaskRole | Primary cloud management execution role for Kion ECS tasks. Enables comprehensive AWS service integration, CloudFormation stack lifecycle management, and secure cross-account role assumption for multi-account cloud governance. | Required for Kion's core function as a cloud management platform. Manages infrastructure deployments, compliance scanning, and resource provisioning across customer AWS environments. |
| ExtractRoleNameLambdaExecutionRole | Lambda execution role for parsing and validating existing IAM role ARNs when customers provide pre-existing application roles instead of creating new ones. | Ensures secure integration with customer-managed IAM roles while maintaining proper access controls. This role is not created with greenfield deployments. |
| ECSTaskExecutionRole | Standard AWS ECS task execution role providing container lifecycle management, Amazon ECR image access, and CloudWatch logging capabilities for the Kion application containers. | Standard AWS service role with minimal permissions required for ECS container execution. |
| CreateSLRLambdaExecutionRole | Lambda execution role for creating AWS ECS service-linked roles required for ECS cluster and service operations. | Creates only AWS-managed service roles necessary for ECS functionality - cannot create custom roles. |
| DBMigrationTaskLambdaExecutionRole | Lambda execution role for database schema migrations and upgrades during Kion application deployments and version updates. | Required for maintaining database integrity during application lifecycle management. |
| EnvFileLambdaExecutionRole | Lambda execution role for securely managing encrypted environment configuration files stored in S3 buckets. | Handles secure configuration management with encryption for sensitive application settings. |
| EcsServiceRestartFunctionExecutionRole | Lambda execution role enabling automated ECS service restart functionality during maintenance windows and application updates. | Provides automated maintenance capabilities to ensure high availability during updates. |
| FederationUserPolicy | IAM policy enabling federated user management and access key lifecycle operations for users accessing managed AWS accounts through Kion. | Cloud Access Management: Kion manages user access to cloud resources across multiple accounts, requiring user and access key management capabilities for federated access. |
| HighSideManagedPolicy | Managed policy for high-security and air-gapped environments, providing controlled role assumption capabilities with additional security restrictions. | Designed for government and high-security environments with restricted cross-account access patterns. |
| ParameterStoreManagedPolicy | Managed policy providing secure access to specific AWS Systems Manager parameters containing encrypted database credentials and configuration values. | Secure credential management using AWS-native parameter store with encryption. |
| ECSExecManagedPolicy | Managed policy enabling AWS ECS Exec functionality for container debugging, troubleshooting, and maintenance operations. | Optional debugging capability - can be disabled in production environments if not needed. |
