Platform Policies
Navigation
In the Admin Panel sidebar, under Configuration, click Policies.
Overview
Platform policies are enforced across all organizations. When a platform policy is set, it takes precedence over the corresponding organization policy and cannot be overridden by organization admins. When No policy is selected, each organization can choose whether to apply the policy for itself.
Policies
No Root Access
Disable root access to cloud compute resources for all users, including resource owners, across all organizations. Defaults to "Enable root access" if no policy is set.
Nitro Instance Types Only
Restrict compute resources to AWS Nitro instance types only, across all organizations. Defaults to "Allow all AWS instance types" if no policy is set.
No Public IP Addresses
Prevent users from provisioning standalone public IP addresses, across all organizations. Defaults to "Allow public IP addresses" if no policy is set.
When enabled, requests to provision a standalone public IP address are rejected.
Archive Cost Data
Automatically summarize and then archive cost data after a specified number of months to optimize database performance. This does not delete any data; it only summarizes older data.
Cost data can be archived after 1, 3, 6, or 12 months.
Enforce Security Key MFA
Feature Preview
This policy is feature-flagged and may not be visible on your platform.
Require all users to set up and use a hardware security key (such as a YubiKey) for multi-factor authentication when logging in with a password. Users without a registered security key will be prompted to register one before accessing the platform.
Users signing in through an OpenID Connect provider with Skip Platform MFA Verification enabled are not affected by this policy; their identity provider is trusted to perform multi-factor authentication.