NOTE: The option to manage cloud accounts is available to administrators only.
To allow CloudShell Colony to provision cloud infrastructure on your behalf in your AWS cloud account, you need to grant CloudShell Colony permission to access your AWS account. You can remove this permission at any point, directly from your AWS Management Console. Your cloud account credentials are not saved in CloudShell Colony.
Granting CloudShell Colony the permission to access your AWS account is done through a short authentication process, during which CloudShell Colony creates a slim management layer that keeps your data safe.
The authentication process is done by running a CloudFormation stack in your AWS account, which creates the following resources:
- IAM Role – This role allows CloudShell Colony to run AWS CLI commands that access your AWS account. It will be used for all communication between CloudShell Colony and your AWS account.
- S3 Bucket – This bucket is used for keeping your virtual machines safe. CloudShell Colony uses it to store certificates that are required in order to access your virtual machines. The certificates are kept only in your own account.
- DynamoDB – CloudShell Colony uses this database to keep track of all the infrastructure you create using CloudShell Colony.
NOTE: Part of the following procedure is performed in Amazon Web Services (AWS). AWS will open in a new browser tab.
To add an AWS cloud account:
- In the Administration area, click the Cloud Accounts tab.
- Click +Add Cloud Account.
- Select AWS. Follow the displayed directions to authenticate your AWS cloud account.
- In the AWS account login page:
  - Enter your AWS login credentials.
    The Quick create stack screen opens with the Stack name, ExternalID and Trusted Account fields populated with the required information.
  - In the Capabilities pane, select the I acknowledge that AWS CloudFormation might create IAM resources checkbox and click Create Stack.
    Your stack is being created.
    NOTE: When your AWS credentials are authenticated, an IAM role is created in AWS that allows CloudShell Colony to deploy environments to your account. The IAM role can be removed at any point.
  - Once the event's status changes to CREATE_COMPLETE, click the Outputs tab, and copy the value of the RoleArn key.
- Return to CloudShell Colony's tab and do the following:
  - Enter a name for the cloud account in the Cloud Account Name field.
  - Paste the copied RoleArn value into the Role ARN field.
  - Click Authenticate.
The AWS cloud account is added.
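To confirm that the IAM role created by the stack can be assumed only by the Trusted Account, and only with the ExternalID shown on the Quick create stack screen, you can audit the role's trust policy. The following is an added example, not CloudShell Colony's code; it assumes the role uses the standard AWS cross-account trust policy shape, and the sample policy, account ID and external ID are constructed placeholders.

```python
import json

# Constructed sample: account ID and external ID are placeholders, not Colony values.
SAMPLE_TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}
  }]
}""")

def as_list(value):
    """IAM accepts a scalar or a list in most fields; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def principal_account(principal):
    """Account ID of a principal given as an ARN or a bare 12-digit account ID."""
    if principal.isdigit() and len(principal) == 12:
        return principal
    parts = principal.split(":")
    return parts[4] if len(parts) >= 6 and parts[0] == "arn" else None

def audit_trust_policy(policy, trusted_account, external_id):
    """Return findings; an empty list means every AssumeRole grant is scoped as expected."""
    findings, grants = [], 0
    for i, stmt in enumerate(as_list(policy.get("Statement"))):
        actions = {a.lower() for a in as_list(stmt.get("Action"))}
        if stmt.get("Effect") != "Allow" or not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        grants += 1
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            principal = {"AWS": principal}  # covers the bare "*" form
        for kind in sorted(set(principal) - {"AWS"}):
            findings.append(f"statement {i}: unexpected principal type {kind}")
        for arn in as_list(principal.get("AWS")):
            if principal_account(str(arn)) != trusted_account:
                findings.append(f"statement {i}: unexpected principal {arn}")
        # Only StringEquals is accepted; condition key names are case-insensitive in IAM.
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        got = {k.lower(): v for k, v in cond.items()}.get("sts:externalid")
        if as_list(got) != [external_id]:
            findings.append(f"statement {i}: sts:ExternalId missing or not the expected value")
    if grants == 0:
        findings.append("no statement allows sts:AssumeRole")
    return findings
```

To audit the live role, pass in the JSON returned by `aws iam get-role --role-name <role-name> --query Role.AssumeRolePolicyDocument`, together with the Trusted Account and ExternalID values from the Quick create stack screen.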