.. _cloud-provider:

Cloud Provider Management
=========================

This is the configuration screen to register and manage cloud accounts for various cloud-related operations.

#. From the top menu, go to System > Cloud Provider.
#. Click "Select Action" then click "Create".
#. Enter a name for the configuration (e.g., 'AWS Cloud').
#. Select one of the following for the Cloud: "AWS", "AZURE", "NHN", "NAVER", "LINODE".
#. Refer to the 'Input method for each cloud type' section below to enter the required information.
#. Click Create.

Input Method for Each Cloud Type
--------------------------------

AWS Credential Information
```````````````````````````````````````
#. Access Key: In the AWS Console, click the user email at the top right > Select "Security credentials" > Check and enter the 'Access key'.
#. Secret Key: When creating the Access key, click 'Show' to check and enter the 'Secret key'.

- **Policies that must be enabled in the AWS account's IAM**
- Path: AWS Console > IAM > Users > Select user ID > Permissions > Policy name
- AdministratorAccess: Provides full access to AWS services and resources.
- AmazonEC2FullAccess: Full access to Amazon EC2 through the AWS Management Console.
- AmazonRoute53FullAccess: Full access to Amazon Route 53 through the AWS Management Console.
- AmazonS3FullAccess: Full access to all buckets through the AWS Management Console.
- AWSMarketplaceFullAccess: Allows subscribing and unsubscribing from AWS Marketplace software, managing Marketplace software instances on the 'Your Software' page, and managing EC2 access.
- AWSSupportAccess: Grants access to the AWS Support Center.
- CloudFrontFullAccess: Grants full access to CloudFront Console and the ability to list Amazon S3 buckets.
- CloudWatchEventsFullAccess: Grants full access to Amazon CloudWatch Events.
- CloudWatchFullAccess: Grants full access to CloudWatch.
- SecurityAudit: Provides read-only access to security configuration metadata. Useful for software auditing AWS account configuration.

AZURE Credential Information
```````````````````````````````````````
#. Client ID: Azure Portal > Azure Active Directory > App registrations > Check and enter the 'Application ID'.
#. Client Secret: Home > Azure Active Directory > App registrations > Certificates & secrets > Check and enter the 'Value'.
#. Subscription ID: Home > Subscriptions > Check and enter the 'Subscription ID'.
#. Tenant ID: Home > Azure Active Directory > App registrations > Check and enter the 'Directory ID'.
#. Resource Group Name: Home > Subscriptions > Subscription Name > Resource groups > Check and enter the 'Name'.

- **IAM roles required for the Azure account**
- Path: Access control (IAM) > View my access > Current role assignments > Role field
- Contributor: Full access to manage all resources, except assigning roles in Azure RBAC, managing assignments in Azure Blueprints, or sharing image galleries.
- User Access Administrator: Can manage user access to Azure resources.
- Managed Application Operator Role: Can read and perform operations on managed application resources.

NHN Credential Information
```````````````````````````````````````
#. User Name: Enter the NHN Console login 'ID'.
#. Tenant ID: Go to Compute > Instance > Management page > Click API endpoint settings button > Check and enter the 'Tenant ID'.
#. Password: Go to Compute > Instance > Management page > Click API endpoint settings button > Set and enter the desired API 'Password'.

- **Project role settings for NHN account's IAM**
- Path: Login to the corresponding console > Member Management > IAM Members
- Set the role for the project to ADMIN.