
Connect your Cloud

Secure Cloud Resource Management Using AWS CloudFormation

AWS CloudFormation:

AWS CloudFormation is Amazon's Infrastructure as Code (IaC) service that helps you model and set up your AWS resources securely. Think of it as a way to create a blueprint of your cloud infrastructure that:

  • Automates resource creation

  • Manages security permissions

  • Ensures consistent setup

  • Provides detailed tracking of changes

Scoutflo using CloudFormation for Account Connection:

Traditional cloud integrations often require you to:

  • Create permanent IAM users.

  • Generate and share access keys.

  • Manage key rotation.

  • Handle security permissions manually

This approach poses several risks:

  • Permanent credentials could be compromised

  • Manual key rotation is error-prone

  • Excessive permissions might be granted

  • Security audit challenges

Our CloudFormation integration solves these challenges by:

  • Creating temporary credentials that expire in 30 minutes

  • Automating credential renewal when needed

  • Implementing precise permission controls

  • Providing clear audit trails

Set Up your CloudFormation keys:

The Connection Flow

  1. Initial Setup

    • You provide AWS account details

    • Our platform generates a CloudFormation template

    • Template creates necessary IAM roles with specific permissions

  2. Security Process

    • CloudFormation creates temporary security credentials

    • Credentials automatically expire after 30 minutes

    • Platform requests new credentials when needed

    • No permanent access keys are stored

  3. Resource Management

    • Platform uses temporary credentials to create resources

    • Each operation gets fresh credentials if needed

    • All actions are logged and traceable

    • You maintain full control over permissions

Step-by-Step Implementation Guide

Starting the Connection

  • Navigate to "My Cluster" and click "+ Add Cluster".

  • A modal opens; click "Create a Cluster".

  • You will be redirected to the Cluster creation screen.

  • In the 'Cloud Credentials' section, select the credentials you will use to create this cluster.

  • Clicking the drop-down lists all currently added credentials.

  • If you have not added any credentials yet, click the "+ Add New" CTA button.

  • You will be redirected to the Credentials integrations screen, where all connected cloud accesses are listed.

On this screen of "Cloud Connection":

  • Click "New Connection"

  • Select "AWS" as your cloud provider

  • Other providers (GCP, Azure) are coming soon.

  • You'll need to provide the following Connection Details:

  1. Credential Name

    • Must be unique across your account

    • Examples:

      • prod-aws-useast1

      • dev-aws-euwest2

    • Cannot reuse previously used names

  2. AWS Account Number

    • Your 12-digit AWS account identifier

    • Found in your AWS account settings

  • After clicking "Create", you'll be redirected to the AWS CloudFormation Console:

  1. Template Information

    • Pre-configured CloudFormation template

    • Stack description explaining the purpose

    • Automatically generated stack name

  2. Parameters

    • ScoutfloIdentifier: Your unique platform identifier

    • ScoutfloUserId: Your platform user ID

    • Already filled in - no action needed

  3. Permissions Section

    • IAM role creation acknowledgment

    • Required for secure access setup

Creating the Stack

Important actions on the AWS Console:

  1. Review Details

    • Verify template information

    • Check parameter values

  2. Acknowledge IAM Creation

    • Find the checkbox:

      "I acknowledge that AWS CloudFormation might create IAM resources with custom names"

  3. Initiate Creation

    • Click "Create Stack" button

    • Process typically takes 1-2 minutes

Verification Process

Our platform will:

  1. Monitor stack creation progress

  2. Display a 120-second countdown

  3. Verify the connection

  4. Show success confirmation

Security Deep Dive

Temporary Credentials:

Our implementation uses AWS Security Token Service (STS) to:

  • Generate time-limited credentials

  • Automatically expire access after 30 minutes

  • Create new credentials only when needed

  • Maintain principle of least privilege

Permission Management

The created IAM role:

  • Has specific, limited permissions

  • Only allows required AWS services

  • Includes automatic cleanup process

  • Maintains detailed access logs
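
The "specific, limited permissions" above can be checked against the template during the "Review Details" step, before acknowledging IAM creation. The following is an added example, not Scoutflo's code or template: it audits a constructed JSON-format template for wildcard trust principals, a cross-account trust without an sts:ExternalId condition, and Action "*" grants. The role name, account ID and the use of ScoutfloIdentifier as an external ID are assumptions.

```python
import json

# Constructed sample template, NOT Scoutflo's real one: role name, account ID
# and the use of ScoutfloIdentifier as an ExternalId are assumptions.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {"ConnectorRole": {"Type": "AWS::IAM::Role", "Properties": {
  "AssumeRolePolicyDocument": {"Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": {"Ref": "ScoutfloIdentifier"}}}
  }]},
  "Policies": [{"PolicyName": "connector", "PolicyDocument": {"Statement": [
    {"Effect": "Allow", "Action": ["eks:*", "ec2:Describe*"], "Resource": "*"},
    {"Effect": "Allow", "Action": "*", "Resource": "*"}
  ]}}]
}}}}
""")

def as_list(value):
    """IAM accepts a single value or a list in most policy fields."""
    return value if isinstance(value, list) else [value]

def audit_template(template):
    """Return (role, finding) pairs for trust and permission weaknesses."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Role":
            continue
        props = res.get("Properties", {})
        trust = props.get("AssumeRolePolicyDocument", {}).get("Statement", [])
        for stmt in (s for s in as_list(trust) if s.get("Effect") == "Allow"):
            principal = stmt.get("Principal", {})
            aws = as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
            if "*" in aws:
                findings.append((name, "trust: any AWS principal may assume this role"))
            # Condition keys are case-insensitive in IAM.
            keys = {k.lower() for op in stmt.get("Condition", {}).values() for k in op}
            if aws and "sts:externalid" not in keys:
                findings.append((name, "trust: cross-account principal without sts:ExternalId"))
        for pol in props.get("Policies", []):
            for stmt in as_list(pol["PolicyDocument"].get("Statement", [])):
                if stmt.get("Effect") == "Allow" and "*" in as_list(stmt.get("Action", [])):
                    findings.append((name, f"permissions: {pol['PolicyName']} allows Action '*'"))
    return findings

if __name__ == "__main__":
    for role, issue in audit_template(SAMPLE_TEMPLATE):
        print(f"{role}: {issue}")
```

A YAML template would first need converting to JSON; the checks cover inline policies only, so managed policy attachments still need a manual read.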

Final Confirmation:

  1. Stack creates successfully

  2. Connection shows as "Enabled"

  3. Resources can be created immediately

  4. Automatic credential management begins

  • Once you have successfully added the credentials, you will be able to select the newly added credentials through the drop down on the Create Cluster screen.

Stack Creation Fails

  • Check AWS permissions

  • Verify account number

  • Review error message in AWS Console

  • Try again with same or new name

Connection Times Out

  • Wait for full 120 seconds

  • Check internet connectivity

  • Verify AWS Console access

  • Restart process if needed

Name Already Exists

  • Choose new credential name

  • Follow naming conventions

  • Delete old unused credentials

Additional Resources:

  • AWS CloudFormation Documentation

  • IAM Security Best Practices

  • AWS Security Token Service

Last updated 4 months ago