
Cloud Custodian has become the go-to engine for cloud governance, cost optimization, and compliance – thanks to its flexibility, policy as code design, and deep community adoption. But as organizations scale, and as we move into an AI-powered future with agents like Stacklet Jun0 assisting teams across FinOps and engineering, the demands on access control are changing fast. It’s no longer just about running policies centrally; it’s about enabling broader teams to participate in governance safely and effectively. That requires more than just powerful policies – it requires secure, federated access.

The Hidden Roadblock to Scaling Governance and Engineering Ownership

Despite its flexibility and engineer-first design, Cloud Custodian presents real access and visibility challenges at scale. Organizations rely on it to enforce policies across FinOps, security, and compliance, either centrally or by empowering individual teams. But the real challenge lies in how visibility and access are managed across users, teams, and accounts, especially at enterprise scale.

Without built-in role-based access controls (RBAC), many organizations are forced to script custom access layers or limit policy management to a small group of trusted users. At the same time, engineering teams often lack visibility into their own cloud environments and control over the policies that affect them. This slows adoption, increases operational overhead, and turns governance into a bottleneck. Without the ability to author, deploy, or support their own policies, engineering teams disengage and critical initiatives are delayed.

To scale governance effectively and engage more engineers, organizations need a secure and flexible way to delegate access, define clear boundaries, and share responsibility – without losing control.

Federated Access: The Missing Link for Agent-Driven Cloud Optimization

At Stacklet, our vision for Jun0 is to go beyond insights and become an active, self-service agent for cloud usage optimization and governance. To make that possible, strong access controls are essential.

Stacklet Jun0 needs secure, scoped access to cloud APIs, governance tools, and sensitive resource and cost data in order to assist teams, take action, and operate safely. Without clearly defined authorization boundaries and robust role-based access controls (RBAC), there’s no secure way to support this level of autonomy without increasing risk.

As users – whether engineering or FinOps teams – interact with Stacklet Jun0, the right RBAC and security controls ensure they have visibility and control over only the resources relevant to them. Federated access is more than a convenience; it’s a foundational requirement for enabling intelligent, action-oriented cloud agents to work safely and effectively.

Introducing Role-Based Access Control (RBAC) in Stacklet

To support both human teams and intelligent agents like Stacklet Jun0, we’ve streamlined and enhanced our RBAC framework in the Stacklet platform. These new access controls are flexible and designed to meet the needs of modern, large-scale cloud governance by enabling secure, federated access across teams, divisions, and use cases.

With Stacklet RBAC, you can drive stronger engineering engagement and accelerate policy adoption by enabling self-service access to governance workflows – without requiring admin privileges. Key capabilities include:

  • Delegated access: Assign roles to individual users or groups with fine-grained control over what they can see and manage.

  • Granular permissions: Define access by account group, policy collection, repository, or across the full system.

  • Targeted visibility: Ensure teams only see the cloud resources and policy matches relevant to their responsibilities across cloud policy governance and asset management.

Whether you’re enabling engineering teams to manage their own policies, giving FinOps analysts access to cost-specific resources, or preparing Jun0 to operate autonomously, Stacklet’s RBAC capabilities make it easy and secure to scale cloud governance without compromise.

 

 
