Connect your Cloud

Secure Cloud Resource Management Using AWS CloudFormation

AWS CloudFormation:

AWS CloudFormation is Amazon's Infrastructure as Code (IaC) service that helps you model and set up your AWS resources securely. Think of it as a way to create a blueprint of your cloud infrastructure that:

  • Automates resource creation

  • Manages security permissions

  • Ensures consistent setup

  • Provides detailed tracking of changes

How Scoutflo Uses CloudFormation for Account Connection:

Traditional cloud integrations often require you to:

  • Create permanent IAM users

  • Generate and share access keys

  • Manage key rotation

  • Handle security permissions manually

This approach poses several risks:

  • Permanent credentials could be compromised

  • Manual key rotation is error-prone

  • Excessive permissions might be granted

  • Security audit challenges

Our CloudFormation integration solves these challenges by:

  • Creating temporary credentials that expire in 30 minutes

  • Automating credential renewal when needed

  • Implementing precise permission controls

  • Providing clear audit trails

Set Up Your CloudFormation Keys:

The Connection Flow

  1. Initial Setup

    • You provide AWS account details

    • Our platform generates a CloudFormation template

    • Template creates necessary IAM roles with specific permissions

  2. Security Process

    • CloudFormation creates temporary security credentials

    • Credentials automatically expire after 30 minutes

    • Platform requests new credentials when needed

    • No permanent access keys are stored

  3. Resource Management

    • Platform uses temporary credentials to create resources

    • Each operation gets fresh credentials if needed

    • All actions are logged and traceable

    • You maintain full control over permissions

Step-by-Step Implementation Guide

Starting the Connection

  • Navigate to "My Cluster" and click "+ Add Cluster".

  • In the modal that opens, click "Create a Cluster".

  • You will be redirected to the Cluster creation screen.

  • In the 'Cloud Credentials' section, select the credentials you will use to create this cluster.

  • Clicking the drop-down lists all currently added credentials.

  • If you have not added any credentials yet, click the "+ Add New" CTA button.

  • You will be redirected to the Credentials integrations screen, where all connected cloud accesses are listed.

On this screen of "Cloud Connection":

  • Click "New Connection"

  • Select "AWS" as your cloud provider

  • Other providers (GCP, Azure) are coming soon.

  • You'll need to provide the following Connection Details:

  1. Credential Name

    • Must be unique across your account

    • Examples:

      • prod-aws-useast1

      • dev-aws-euwest2

    • Cannot reuse previously used names

  2. AWS Account Number

    • Your 12-digit AWS account identifier

    • Found in your AWS account settings

  • After clicking "Create", you'll be redirected to the AWS CloudFormation Console:

  1. Template Information

    • Pre-configured CloudFormation template

    • Stack description explaining the purpose

    • Automatically generated stack name

  2. Parameters

    • ScoutfloIdentifier: Your unique platform identifier

    • ScoutfloUserId: Your platform user ID

    • Already filled in - no action needed

  3. Permissions Section

    • IAM role creation acknowledgment

    • Required for secure access setup

Creating the Stack

Important actions on the AWS Console:

  1. Review Details

    • Verify template information

    • Check parameter values

  2. Acknowledge IAM Creation

    • Find the checkbox:

      I acknowledge that AWS CloudFormation might create IAM resources with custom names

  3. Initiate Creation

    • Click "Create Stack" button

    • Process typically takes 1-2 minutes
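One way to carry out the "Review Details" step before ticking the IAM acknowledgment, as an added example that is not Scoutflo's code: a small reviewer that lists risky settings on every IAM role a template would create. It assumes the template has been saved as JSON; the sample template, role name, account ID and the use of ScoutfloIdentifier as an sts:ExternalId are constructed for illustration and are not taken from the real template.

```python
import json

# Constructed sample, NOT Scoutflo's real template: the role name, account ID
# and policy contents are placeholders invented for this illustration.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {"ConnectorRole": {
  "Type": "AWS::IAM::Role", "Properties": {
    "AssumeRolePolicyDocument": {"Statement": [{
      "Effect": "Allow",
      "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
      "Action": "sts:AssumeRole",
      "Condition": {"StringEquals": {"sts:ExternalId": {"Ref": "ScoutfloIdentifier"}}}
    }]},
    "Policies": [{"PolicyName": "connector", "PolicyDocument": {"Statement": [
      {"Effect": "Allow", "Action": ["eks:DescribeCluster", "ec2:Describe*"], "Resource": "*"},
      {"Effect": "Allow", "Action": "*", "Resource": "*"}
    ]}}]
  }}}}
""")

def as_list(value):  # IAM fields accept either a scalar or a list
    return value if isinstance(value, list) else [value]

def review_template(template):
    """Return a list of findings for every AWS::IAM::Role in a parsed template."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Role":
            continue
        props = res.get("Properties", {})
        trust = props.get("AssumeRolePolicyDocument", {}).get("Statement", [])
        for st in as_list(trust):
            principal = st.get("Principal", {})
            who = as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
            if "*" in who:
                findings.append(f"{name}: trust policy allows ANY AWS principal")
            if "sts:ExternalId" not in json.dumps(st.get("Condition", {})):
                findings.append(f"{name}: no sts:ExternalId condition on trust statement")
        for pol in props.get("Policies", []):
            for st in as_list(pol["PolicyDocument"]["Statement"]):
                if st.get("Effect") == "Allow" and "*" in as_list(st.get("Action", [])):
                    findings.append(f"{name}/{pol['PolicyName']}: allows Action '*'")
        for arn in props.get("ManagedPolicyArns", []):
            if str(arn).endswith("/AdministratorAccess"):
                findings.append(f"{name}: attaches AdministratorAccess")
    return findings

if __name__ == "__main__":
    print("\n".join(review_template(SAMPLE_TEMPLATE)))
```

An empty result means none of these specific checks fired; it does not replace reading the role's permissions against the services you expect the platform to manage.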

Verification Process

Our platform will:

  1. Monitor stack creation progress

  2. Display a 120-second countdown

  3. Verify the connection

  4. Show success confirmation

Security Deep Dive

Temporary Credentials:

Our implementation uses AWS Security Token Service (STS) to:

  • Generate time-limited credentials

  • Automatically expire access after 30 minutes

  • Create new credentials only when needed

  • Maintain principle of least privilege

Permission Management

The created IAM role:

  • Has specific, limited permissions

  • Only allows required AWS services

  • Includes automatic cleanup process

  • Maintains detailed access logs

Final Confirmation:

  1. Stack creates successfully

  2. Connection shows as "Enabled"

  3. Resources can be created immediately

  4. Automatic credential management begins

  • Once you have successfully added the credentials, you can select them from the drop-down on the Create Cluster screen.

Stack Creation Fails

  • Check AWS permissions

  • Verify account number

  • Review error message in AWS Console

  • Try again with the same or a new name

Connection Times Out

  • Wait for the full 120 seconds

  • Check internet connectivity

  • Verify AWS Console access

  • Restart process if needed

Name Already Exists

  • Choose a new credential name

  • Follow naming conventions

  • Delete old unused credentials
