Connecting a Cloud Account
To connect accounts for edge platforms, see Setting up Accounts for Edge Platforms.
To add a cloud account in CoPilot:
- Go to Cloud Resources > Cloud Accounts.
- Click Onboard Cloud Account.
- Enter the parameter values:
Parameter | Description |
---|---|
Account Name | Enter the name of the cloud account. |
Cloud Account | Select the Cloud Service Provider (CSP) for this account. |
- Select the parameters specific to the Cloud Account you are using. See the tables below for the parameters you can select when connecting cloud accounts.
- Click Save. The new cloud account appears in the table.
The tables below provide descriptions of the onboarding parameters for each cloud service provider (CSP). They also identify which fields can be modified for each CSP.
After onboarding a cloud account, you can do the following on the Cloud Account page:
- Modify the settings by clicking the Edit icon in the row of the cloud account.
- Audit the account from either the Actions menu or the vertical ellipses menu.
- Update the IAM Policy for any AWS cloud account from the Actions menu.
Kubernetes Clusters
If you have any Kubernetes clusters in your AWS or Azure cloud accounts, they are discovered automatically during the AWS/Azure cloud account onboarding process and displayed on the Cloud Assets > Kubernetes Clusters tab. After they are displayed on this tab they can be onboarded.
All necessary EKS and AKS permissions are added when the CloudFormation script is executed as part of the AWS/Azure cloud account onboarding process.
Any clusters you created outside of AWS/EKS can be onboarded manually.
AWS Cloud Account Parameters
When you select AWS as the CSP, you can click the dropdown menu on the AWS icon to select Standard, China, or GovCloud.
You can onboard using CloudFormation or using access keys. CloudFormation is the recommended option. Access keys should only be used in nonproduction environments.
Parameter | Description | Can Be Modified | Comments |
---|---|---|---|
Account Name | The name assigned to the account. | No | Assign a descriptive and unique name. |
Cloud Type | The cloud service provider for the account. | No | Select the AWS logo. |
IAM Role-Based | Toggles IAM role-based access On or Off. | Yes | If the IAM Role-Based toggle is set to Off, you are prompted to provide a key and secret for access. |
Launch the CloudFormation template | The template runs in AWS to establish trust with your access account. (Skip if you have already run the template.) Only displays if IAM Role-Based option is On. | No. The template cannot be rerun to change settings. | For AWS Standard and GovCloud, the template opens. For AWS China, the template downloads. |
AWS Account Number | The 12-digit number for the AWS account. | Yes | If the account number is changed, the launch CloudFormation option displays and you are prompted at the bottom of the page to create a secondary account. |
AWS Access Key ID | Part of an access key that provides long-term credentials to sign programmatic requests to the AWS CLI or API. | Yes | Only displays if IAM Role-Based is set to Off. Not recommended for production environments. |
AWS Secret Key | Part of an access key that provides long-term credentials to sign programmatic requests to the AWS CLI or API. | Yes | Only displays if IAM Role-Based is set to Off. Not recommended for production environments. |
AWS App Role ARN (Optional) | Enter the AWS App Role ARN. ARN values are only required if you are creating an access account that is separate from the one from which you deployed the Controller. | Yes | Available if IAM Role-Based is On. |
AWS EC2 Role ARN (Optional) | Enter the EC2 Role ARN. This IAM role gives Aviatrix temporary security credentials to make API requests. | Yes | Available if IAM Role-Based option is On. |
Add to RBAC Groups (Optional) | Select the RBAC (Role Based Access Control) groups that should be able to access this account. | No | Available if IAM Role-Based option is On. |
I have run the CloudFormation script to set up this secondary access account. | Select this checkbox to create a secondary AWS account. | --- | This option displays if you change the AWS Account Number. |
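
A pre-onboarding check for the AWS values in the table above, as an added example that is not Aviatrix code: it flags long-term access keys in production, role ARNs whose partition does not match the selected cloud type, and role ARNs that sit in a different account. The dictionary keys, the partition mapping and the same-account rule are assumptions of this example.

```python
import re

# Assumption: ARN partition for each AWS cloud type in the onboarding dropdown.
PARTITIONS = {"Standard": "aws", "China": "aws-cn", "GovCloud": "aws-us-gov"}
ROLE_ARN = re.compile(r"arn:(aws|aws-cn|aws-us-gov):iam::(\d{12}):role/[\w+=,.@/-]+")
KEY_FIELDS = ("access_key_id", "secret_key")


def check_aws_onboarding(params, production=True):
    """Return findings for one set of AWS onboarding values (hypothetical keys)."""
    findings = []
    account = str(params.get("account_number", ""))
    if not re.fullmatch(r"\d{12}", account):
        findings.append("account_number: must be exactly 12 digits")

    if not params.get("iam_role_based", False):
        # Long-term access keys: the page limits these to nonproduction use.
        if production:
            findings.append("iam_role_based: Off in production; onboard with CloudFormation")
        findings += [f"{f}: required when IAM Role-Based is Off"
                     for f in KEY_FIELDS if not params.get(f)]
        return findings

    # Role-based access: static keys have no place next to role ARNs.
    findings += [f"{f}: not used when IAM Role-Based is On"
                 for f in KEY_FIELDS if params.get(f)]
    expected = PARTITIONS.get(params.get("cloud_type", "Standard"))
    for field in ("app_role_arn", "ec2_role_arn"):
        arn = params.get(field)
        if not arn:  # both role ARNs are optional
            continue
        m = ROLE_ARN.fullmatch(arn)
        if m is None:
            findings.append(f"{field}: not an IAM role ARN")
        elif m.group(1) != expected:
            findings.append(f"{field}: partition '{m.group(1)}' does not match cloud type")
        elif m.group(2) != account:
            # Assumption: the role lives in the account being onboarded.
            findings.append(f"{field}: role is in account {m.group(2)}, not {account}")
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from any real account.
    sample = {"cloud_type": "Standard", "account_number": "111122223333",
              "iam_role_based": True,
              "app_role_arn": "arn:aws-cn:iam::111122223333:role/example-app-role"}
    for finding in check_aws_onboarding(sample):
        print(finding)
```
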
Azure Cloud Account Parameters
Note that when you select Azure as the cloud for this account, you can click on the dropdown menu on the icon to select Global, China, or GovCloud.
Parameter | Description | Can Be Modified | Comments |
---|---|---|---|
Account Name | The name assigned to the account. | No | Assign a descriptive and unique name. |
Cloud Type | The cloud service provider for the account. | No | Select the Azure logo. |
ARM Subscription ID | The unique ARM Subscription ID from your Azure account. | Yes | Identifies a specific subscription within the Azure account. |
Directory ID | The unique Entra ID from your Azure account, assigned to a tenant. | Yes | Allows users to access Microsoft services. |
Application ID | The unique identifier assigned to an application in your Azure account. | Yes | Allows the application to authenticate and access Azure services. Also called Client ID. |
Application Key | The Secret Key Value saved from your Azure account. | Yes | Used to authenticate an application and provide programmatic access to Azure services. |
Add to RBAC Groups (Optional) | Lists the RBAC (Role Based Access Control) groups to choose from for access to this account. | No | |
GCP Cloud Account Parameters
Parameter | Description | Can Be Modified | Comments |
---|---|---|---|
Account Name | The name assigned to the account. | No | Assign a descriptive and unique name. |
Cloud Type | The cloud service provider for the account. | No | Select the Google Cloud Platform (GCP) logo. |
GCP Project ID | The unique ID that identifies a specific project in your GCP account. | Yes | |
GCP Project Credentials | The service account credentials file downloaded from GCP. | Yes | You must upload a project credentials file. |
Add to RBAC Groups (Optional) | Lists the RBAC (Role Based Access Control) groups to choose from for access to this account. | No | |
OCI Cloud Account Parameters
Parameter | Description | Can Be Modified | Comments |
---|---|---|---|
Account Name | The name assigned to the account. | No | Assign a descriptive and unique name. |
Cloud Type | The cloud service provider for the account. | No | Select the OCI logo. |
OCI Tenancy ID | The unique ID for your OCI account (tenancy). | Yes | |
OCI User ID | The ID for the user who should have access to this account through CoPilot. | Yes | |
OCI Compartment ID | The unique label for a logical container (compartment) within your OCI tenancy. | Yes | Allows you to control access to compartment resources using policies. |
OCI API Private Key File | The private key file you downloaded from your OCI account. | Yes | The secret part of a key pair used to authenticate programmatic requests. |
Add to RBAC Groups (Optional) | Lists the RBAC (Role Based Access Control) groups to choose from for access to this account. | No | |
Alibaba Cloud Account Parameters
Parameter | Description | Can Be Modified | Comments |
---|---|---|---|
Account Name | The name assigned to the account. | No | Assign a descriptive and unique name. |
Cloud Type | The cloud service provider for the account. | No | Select the Alibaba logo. |
Alibaba Account ID | A unique ID for your Alibaba Cloud account. | Yes | |
Access Key | The access key ID from your Alibaba account. | Yes | Part of the AccessKey pair that provides access to APIs and resources. |
Secret Access Key | The Secret Access Key from your Alibaba account. | Yes | Part of the AccessKey pair that provides access to APIs and resources. |
Add to RBAC Groups (Optional) | Lists the RBAC (Role Based Access Control) groups to choose from for access to this account. | No | |