meshStack operators can configure the Platforms available to users. See the Platforms section in the sidebar for details on the platforms supported by meshStack.
meshStack provides simple and effective means to implement access policies, for example to control data sovereignty and access to public cloud platforms. Operators are also able to define "boundaries" on various levels and allow controlled delegation to self-service while retaining full control over policies.
This feature can be used, for example, to restrict access to a public cloud provider to only those customer accounts that have passed a certain data-protection clearance process.
Customers can create meshProjects that use the meshPlatforms available to their Customer account. Configuring the meshPlatforms available to a project is restricted to users with the Customer Admin and Owner Role, providing a further level of possible delegation.
Deprovisioning / Deleting Projects
When meshProjects are deleted in meshStack, meshStack can also automatically delete the tenants associated with the project in the connected cloud platforms. Before a project can be automatically deleted by meshStack, users must make sure that no resources are left in the cloud platform tenants. This is a security measure, as we do not want to accidentally delete a tenant that still contains resources in use on the cloud platforms. We therefore check for the absence of resources prior to project deletion, and if a resource is present we stop the deprovisioning process.
This security check is currently supported for the platforms:
- Service Marketplace
Since this security measure is very important, fully automated deprovisioning of projects from other platforms is currently not supported and requires manual intervention. We are looking into extending support for further automating this process in the future.