Creating a Cloud Account

To create a new cloud account or access a cloud account in CoPilot:

  1. Go to Cloud Resources > Cloud Accounts.

  2. Click Onboard Cloud Account.

  3. Enter the parameter values:

    Parameter Description

    Account Name

    Enter the name of the cloud account.

    Cloud Account

    Select the Cloud Service Provider (CSP) for this account.

  4. Select the parameters specific to the Cloud Account you are using.

    See the sections below for connecting cloud accounts.

  5. Click Save.

    The new cloud account appears in the table.

After an account is created you can you can audit the account from either the Actions menu or the vertical ellipses 25 menu.

You can also update the IAM Policy for any AWS cloud account from the Actions menu. If you select non-AWS cloud accounts when updating policies, the non-AWS accounts are skipped during the update process. Also, the current version of the IAM policy is saved by AWS. Up to 5 (latest) non-default policy versions are retained.

To edit a cloud account, click the Edit icon edit icon in the row of the cloud account. You can edit all fields except for Account Name and Cloud Type.

AWS Cloud Account

When you select AWS as the cloud for this account, you can click the dropdown menu on the icon to select Standard, China, or GovCloud.

Parameter Description

IAM Role-Based

If this account is based on an IAM Role (recommended), ensure this toggle switch is set to On (the default setting).

Launch the CloudFormation script to establish the trust with your primary access account. (Skip if you have already run the script).

Select this link to run the CloudFormation script in AWS if you have not already done so. Then, return to this page and continue.

AWS Account Number

Enter the 12-digit account number from your AWS account.

AWS App Role ARN

(Optional) Enter the AWS App Role ARN for aviatrix-platform-app from IAM > Roles in the AWS console.

ARN values are only required if you are creating an access account that is separate from the one from which you deployed the Controller.

AWS EC2 Role ARN

(Optional) Enter the EC2 Role ARN for aviatrix-role-ec2 from IAM > Roles in the AWS console.

Add to RBAC Groups

(Optional) Click on this dropdown menu and select the RBAC (Role Based Access Control) groups that should be able to access this account.

I have run the CloudFormation script to set up this secondary access account

If you have already run the CloudFormation script to create the primary account in AWS, select this checkbox.

Azure Cloud Account

Note that when you select Azure as the cloud for this account, you can click on the dropdown menu on the icon to select Global, China, or GovCloud.

Parameter Description

ARM Subscription ID

Enter the Azure ARM Subscription ID from your Azure account.

Directory ID

Enter the Directory ID from your Azure account.

Application ID

Enter the Application ID from your Azure account.

Application Key

Enter the Secret Key Value saved from your Azure account.

Add to RBAC Groups

(Optional) Click on this dropdown menu and select the RBAC (Role Based Access Control) groups who should be able to access this account.

GCP Cloud Account

Parameter Description

GCP Project ID

Enter the Project ID from your Google Cloud Platform (GCP) account.

GCP Project Credentials

Click Upload to upload your GCP Project Credentials here.

Add to RBAC Groups

(Optional) Click on this dropdown menu and select the RBAC (Role Based Access Control) groups who should be able to access this account.

OCI Cloud Account

Parameter Description

OCI Tenancy ID

Enter the Tenancy ID from your OCI account.

OCI User ID

Enter the OCI user ID for the user who should be able to access this account through CoPilot.

OCI API Private Key File

Click Upload to upload the private key file you downloaded from your OCI account.

Add to RBAC Groups

(Optional) Click on this dropdown menu and select the RBAC (Role Based Access Control) groups who should be able to access this account.

Alibaba Cloud Account

Parameter Description

Alibaba Account ID

Enter your Alibaba Account ID.

Access Key

Enter the Access Key from your Alibaba account.

Secret Access Key

Enter the Secret Access Key from your Alibaba account.

Add to RBAC Groups

(Optional) Click on this dropdown menu and select the RBAC (Role Based Access Control) groups who should be able to access this account.

Edge CSP

Parameter Description

Username

Enter your Edge CSP username.

Password

Enter your Edge CSP password.