Businesses adopting Cloud Computing often have to comply with strict constraints, such as enterprise policies and legal regulations. From these compliance issues arise the need to enable managed cloud service consumption as a prerequisite for adoption. As we have shown before, the proposed TRusted Ecosystem for Standardized and Open cloud-based Resources (TRESOR) cloud ecosystem can achieve management of cloud service consumption [1]. In this paper we motivate and derive the architecture of the distributed TRESOR cloud proxy from technical, business and legal requirements within the context of the TRESOR project. We apply a derivation method where we evaluate the impact of each incremental architecture decision separately. This process enables researchers with supplementary requirements to adapt the intermediate derivations within other contexts in flexible ways.