Creating a Cloud Account

To create a new cloud account or access a cloud account in CoPilot:

Go to Cloud Resources > Cloud Accounts.
Click Onboard Cloud Account.
Enter the parameter values:

Parameter Description

Account Name

Enter the name of the cloud account.

Cloud Account

Select the Cloud Service Provider (CSP) for this account.
Select the parameters specific to the Cloud Account you are using.

See the sections below for connecting cloud accounts.
Click Save.

The new cloud account appears in the table.

Parameter	Description
Account Name	Enter the name of the cloud account.
Cloud Account	Select the Cloud Service Provider (CSP) for this account.

After an account is created you can you can audit the account from either the Actions menu or the More menu.

You can also update the IAM Policy for any AWS cloud account from the Actions menu. If you select non-AWS cloud accounts when updating policies, the non-AWS accounts are skipped during the update process. Also, the current version of the IAM policy is saved by AWS. Up to 5 (latest) non-default policy versions are retained.

To edit a cloud account, click the Edit icon in the row of the cloud account. You can edit all fields except for Account Name and Cloud Type.

AWS Cloud Account

When you select AWS as the cloud for this account, you can click the dropdown menu on the icon to select Standard, China, or GovCloud.

Parameter	Description
Launch the CloudFormation script to establish the trust with your primary access account. (Skip if you have already run the script).	Select this link to run the CloudFormation script in AWS if you have not already done so. Then, return to this page and continue.
IAM Role-Based	If this account is based on an IAM Role, click on this toggle switch to change it to On.
AWS Account Number	Enter the 12-digit account number.
AWS App Role ARN	(Optional) Enter the AWS App Role ARN. ARN values are only required if you are creating an access account that is separate from the one from which you deployed the Controller.
AWS EC2 Role ARN	(Optional) Enter the EC2 Role ARN.
Add to RBAC Groups	(Optional) Click on this dropdown menu and select the RBAC (Role Based Access Control) groups who should be able to access this account.
I have run the CloudFormation script to set up this secondary access account	If you have already run the CloudFormation script to create the primary account in AWS, mark this checkbox.

Parameter

Description

Launch the CloudFormation script to establish the trust with your primary access account. (Skip if you have already run the script).

Select this link to run the CloudFormation script in AWS if you have not already done so. Then, return to this page and continue.

IAM Role-Based

If this account is based on an IAM Role, click on this toggle switch to change it to On.

AWS Account Number

Enter the 12-digit account number.

AWS App Role ARN

(Optional) Enter the AWS App Role ARN. ARN values are only required if you are creating an access account that is separate from the one from which you deployed the Controller.

AWS EC2 Role ARN

(Optional) Enter the EC2 Role ARN.

Add to RBAC Groups

(Optional) Click on this dropdown menu and select the RBAC (Role Based Access Control) groups who should be able to access this account.

I have run the CloudFormation script to set up this secondary access account

If you have already run the CloudFormation script to create the primary account in AWS, mark this checkbox.

Azure Cloud Account

Note that when you select Azure as the cloud for this account, you can click on the dropdown menu on the icon to select Global, China, or GovCloud.

Parameter	Description
ARM Subscription ID	Enter the Azure ARM Subscription ID from your Azure account.
Directory ID	Enter the Directory ID from your Azure account.
Application ID	Enter the Application ID from your Azure account.
Application Key	Enter the Secret Key Value saved from your Azure account.
Add to RBAC Groups	(Optional) Click on this dropdown menu and select the RBAC (Role Based Access Control) groups who should be able to access this account.

Parameter

Description

ARM Subscription ID

Enter the Azure ARM Subscription ID from your Azure account.

Directory ID

Enter the Directory ID from your Azure account.

Application ID

Enter the Application ID from your Azure account.

Application Key

Enter the Secret Key Value saved from your Azure account.

Add to RBAC Groups

(Optional) Click on this dropdown menu and select the RBAC (Role Based Access Control) groups who should be able to access this account.

GCP Cloud Account

Parameter	Description
GCP Project ID	Enter the Project ID from your Google Cloud Platform (GCP) account.
GCP Project Credentials	Click Upload to upload your GCP Project Credentials here.
Add to RBAC Groups	(Optional) Click on this dropdown menu and select the RBAC (Role Based Access Control) groups who should be able to access this account.

Parameter

Description

GCP Project ID

Enter the Project ID from your Google Cloud Platform (GCP) account.

GCP Project Credentials

Click Upload to upload your GCP Project Credentials here.

Add to RBAC Groups

(Optional) Click on this dropdown menu and select the RBAC (Role Based Access Control) groups who should be able to access this account.

OCI Cloud Account

Parameter	Description
OCI Tenancy ID	Enter the Tenancy ID from your OCI account.
OCI User ID	Enter the OCI user ID for the user who should be able to access this account through CoPilot.
OCI API Private Key File	Click Upload to upload the private key file you downloaded from your OCI account.
Add to RBAC Groups	(Optional) Click on this dropdown menu and select the RBAC (Role Based Access Control) groups who should be able to access this account.

Parameter

Description

OCI Tenancy ID

Enter the Tenancy ID from your OCI account.

OCI User ID

Enter the OCI user ID for the user who should be able to access this account through CoPilot.

OCI API Private Key File

Click Upload to upload the private key file you downloaded from your OCI account.

Add to RBAC Groups

(Optional) Click on this dropdown menu and select the RBAC (Role Based Access Control) groups who should be able to access this account.

Alibaba Cloud Account

Parameter	Description
Alibaba Account ID	Enter your Alibaba Account ID.
Access Key	Enter the Access Key from your Alibaba account.
Secret Access Key	Enter the Secret Access Key from your Alibaba account.
Add to RBAC Groups	(Optional) Click on this dropdown menu and select the RBAC (Role Based Access Control) groups who should be able to access this account.

Parameter

Description

Alibaba Account ID

Enter your Alibaba Account ID.

Access Key

Enter the Access Key from your Alibaba account.

Secret Access Key

Enter the Secret Access Key from your Alibaba account.

Add to RBAC Groups

(Optional) Click on this dropdown menu and select the RBAC (Role Based Access Control) groups who should be able to access this account.

Edge CSP

Parameter	Description
Username	Enter your Edge CSP username.
Password	Enter your Edge CSP password.

Parameter

Description

Username

Enter your Edge CSP username.

Password

Enter your Edge CSP password.