intro

Architecture Decision Records

  • Cloud Resource Tagging — Tag naming, required tags, tag-on-create enforcement, and tag budget
  • Management Policies — Full vs. observed lifecycle control, status matrix, and Crossplane implications
  • Managed-By — Resource ownership tracking with app.kubernetes.io/managed-by
  • Permission Boundaries — AWS IAM permission boundaries, ABAC, and delegated role creation
  • AWS SSO Integration — Zone-scoped IAM access via Azure Entra ID and AWS IAM Identity Center
  • Tag Passthrough — Propagating customer metadata from the platform hierarchy to cloud resources