Connect your Cloud

Step 1: Access the Cloud Connection Section

  • Navigate to 'Settings > Cloud Connections'.

  • Alternatively, navigate to '+ Add Cluster > Connect or Create Cluster > Cloud Credentials > + Add New'. You will be redirected to the "Cloud Connections" screen.

Step 2: Initiate Adding New Cloud Connection

  • You will see the list of Cloud Connections you added earlier.

  • Click on the Add New Cloud Connection button.

Step 3: Enter Credential Information

  • You'll need to provide the following Connection Details:

  1. Credential Name

    • Must be unique across your account

    • Examples:

      • prod-aws-useast1

      • dev-aws-euwest2

    • Cannot reuse previously used names

  • After clicking "Create", you'll be redirected to the AWS CloudFormation Console:

  1. Template Information

    • Pre-configured CloudFormation template

    • Stack description explaining the purpose

    • Automatically generated stack name

  2. Parameters

    • ScoutfloIdentifier: Your unique platform identifier

    • ScoutfloUserId: Your platform user ID

    • Already filled in - no action needed

  3. Permissions Section

    • IAM role creation acknowledgment

    • Required for secure access setup

Creating the Stack

Important actions on the AWS Console:

  1. Review Details

    • Verify template information

    • Check parameter values

  2. Acknowledge IAM Creation

    • Find the checkbox "I acknowledge that AWS CloudFormation might create IAM resources with custom names"

    • It must be checked to proceed

  3. Initiate Creation

    • Click "Create Stack" button

    • Process typically takes 1-2 minutes
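The template the console shows at this step creates one IAM role, and the "Review Details" step is where you confirm that its trust policy only admits the platform's account. The following Python is an added example, not the platform's real template: it builds a template of that shape (as CloudFormation JSON) with the two console parameters, and runs the checks a reviewer would want before acknowledging IAM creation. The platform account ID, role name, permission list and the sts:ExternalId condition are assumptions made for illustration.

```python
"""Build a CloudFormation template of the kind shown in the console and review
it before acknowledging IAM resource creation.  Added example, not the
platform's own template; account ID, role name, permissions and the
ExternalId condition are assumptions."""
import json
from typing import Dict, List

PLATFORM_ACCOUNT_ID = "111122223333"   # placeholder for the platform's AWS account (assumption)


def build_template(identifier: str, user_id: str) -> Dict:
    """Return a template (dict == CloudFormation JSON) that creates one IAM role.

    The parameters mirror the console (ScoutfloIdentifier, ScoutfloUserId).
    The identifier is reused as the sts:ExternalId the platform must present,
    so knowing the role ARN alone is not enough to assume the role.
    """
    return {
        "AWSTemplateFormatVersion": "2010-09-09",
        "Description": "Cross-account role that lets the platform manage clusters (example)",
        "Parameters": {
            "ScoutfloIdentifier": {"Type": "String", "Default": identifier},
            "ScoutfloUserId": {"Type": "String", "Default": user_id},
        },
        "Resources": {
            "PlatformAccessRole": {
                "Type": "AWS::IAM::Role",
                "Properties": {
                    "RoleName": {"Fn::Sub": "platform-access-${ScoutfloUserId}"},
                    "AssumeRolePolicyDocument": {
                        "Version": "2012-10-17",
                        "Statement": [{
                            "Effect": "Allow",
                            # only the platform account may call sts:AssumeRole ...
                            "Principal": {"AWS": f"arn:aws:iam::{PLATFORM_ACCOUNT_ID}:root"},
                            "Action": "sts:AssumeRole",
                            # ... and only when it presents the expected ExternalId
                            "Condition": {"StringEquals": {"sts:ExternalId": {"Ref": "ScoutfloIdentifier"}}},
                        }],
                    },
                    "Policies": [{
                        "PolicyName": "cluster-management",
                        "PolicyDocument": {
                            "Version": "2012-10-17",
                            "Statement": [{
                                "Effect": "Allow",
                                # illustrative least-privilege subset, not the platform's real list
                                "Action": ["eks:DescribeCluster", "eks:ListClusters"],
                                "Resource": "*",
                            }],
                        },
                    }],
                },
            }
        },
    }


def review_template(template: Dict, expected_account: str) -> List[str]:
    """Checks for the 'Review Details' step.  Returns findings; empty means OK."""
    findings: List[str] = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::IAM::Role":
            continue
        props = res["Properties"]
        for stmt in props["AssumeRolePolicyDocument"]["Statement"]:
            if stmt.get("Effect") != "Allow":
                continue
            principal = stmt.get("Principal", {})
            aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
            for p in (aws if isinstance(aws, list) else [aws]):
                if p == "*":
                    findings.append(f"{name}: trust policy allows any AWS principal")
                elif expected_account not in p:
                    findings.append(f"{name}: unexpected trusted principal {p}")
            if "sts:ExternalId" not in stmt.get("Condition", {}).get("StringEquals", {}):
                findings.append(f"{name}: trust policy has no sts:ExternalId condition")
        for arn in props.get("ManagedPolicyArns", []):
            if arn.endswith("/AdministratorAccess"):
                findings.append(f"{name}: attaches the AdministratorAccess managed policy")
    return findings


if __name__ == "__main__":
    tmpl = build_template("scf-example-id", "u-42")   # constructed sample values
    print(json.dumps(tmpl, indent=2))
    print("findings:", review_template(tmpl, PLATFORM_ACCOUNT_ID) or "none")
```

The review function is deliberately strict about the trust policy: a wildcard principal or a missing ExternalId condition is a finding even when the permissions policy itself is narrow, because it is the trust policy that decides who can obtain the role's credentials at all.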

Verification Process

Our platform will:

  1. Monitor stack creation progress

  2. Display a 120-second countdown

  3. Verify the connection

  4. Show success confirmation

Final Confirmation:

  1. Stack is created successfully

  2. Connection shows as "Enabled"

  3. Resources can be created immediately

  4. Automatic credential management begins

  • Once the credentials have been added successfully, you can select them from the drop-down on the Create Cluster screen.

Stack Creation Fails

  • Check AWS permissions

  • Verify account number

  • Review error message in AWS Console

  • Try again with same or new name

Connection Times Out

  • Wait for full 120 seconds

  • Check internet connectivity

  • Verify AWS Console access

  • Restart process if needed

Name Already Exists

  • Choose new credential name

  • Follow naming conventions

  • Delete old unused credentials


The following explains AWS STS AssumeRole, why it matters when connecting a user's AWS account to the platform, and the AWS best practices it follows.


Importance of AWS STS Assume Role in Cloud Credential Integration

  • Security: Temporary credentials reduce exposure because they expire automatically (e.g., after 30 minutes). Even if compromised, they cannot be used beyond that limited lifetime.

  • Least Privilege Principle: The assumed IAM role carries only the permissions the platform's functions require, no more and no less, which mitigates the risk of over-permissioned accounts.

  • Ease of Management: Users do not need to share long-term credentials. Instead, they delegate access through an IAM role created by the CloudFormation stack, which the platform assumes when needed.

  • Audit and Compliance: Actions performed with an assumed role are logged, so both the user and the platform keep a transparent, auditable access trail.


How AWS STS AssumeRole Works on our Platform

  1. The user creates a connection by launching a CloudFormation stack in their AWS account.

  2. The stack creates an IAM role with predefined, minimal permissions scoped to the platform's operational needs.

  3. The platform assumes this IAM role via AWS STS and receives temporary credentials:

    • These consist of an Access Key ID, a Secret Access Key, and a session token.

    • They are valid only for a limited period (usually 30 minutes).

  4. The platform uses these temporary credentials to access the user's AWS resources within the permitted scope.

  5. When the credentials expire or the session ends, the platform automatically refreshes them by re-assuming the role, so access stays uninterrupted and secure.
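Steps 3 to 5 above, as an added Python example that is not the platform's own code: a small credential provider assumes the role through STS, caches the temporary credentials, and re-assumes the role shortly before they expire. A fake STS client stands in for boto3 so the block runs offline; its assume_role() accepts the same keyword arguments and returns the same response shape as boto3.client("sts").assume_role(). The role ARN, ExternalId and session name are placeholders.

```python
"""Assume the customer's role via STS and refresh before expiry.  Added
example, not platform code; FakeSTS replaces boto3 so it runs offline, and
the role ARN / ExternalId below are placeholders."""
import secrets
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, Optional

ROLE_ARN = "arn:aws:iam::123456789012:role/platform-access-u-42"   # placeholder (assumption)
EXTERNAL_ID = "scf-example-id"                                     # placeholder ScoutfloIdentifier
SESSION_SECONDS = 1800        # 30-minute sessions, as described above
REFRESH_MARGIN_SECONDS = 300  # re-assume 5 minutes early so no call fails mid-flight


class ManualClock:
    """Controllable clock so expiry can be simulated without waiting."""
    def __init__(self, start: datetime):
        self.now = start

    def __call__(self) -> datetime:
        return self.now

    def advance(self, seconds: int) -> None:
        self.now += timedelta(seconds=seconds)


class FakeSTS:
    """Offline stand-in for the STS client (constructed for this example)."""
    def __init__(self, clock: Callable[[], datetime], expected_external_id: str):
        self.clock, self.expected_external_id, self.calls = clock, expected_external_id, 0

    def assume_role(self, RoleArn: str, RoleSessionName: str, ExternalId: str, DurationSeconds: int) -> Dict:
        # The real service enforces the trust policy; mimic its ExternalId condition.
        if ExternalId != self.expected_external_id:
            raise PermissionError("AccessDenied: ExternalId condition not satisfied")
        self.calls += 1
        return {
            "Credentials": {
                "AccessKeyId": "ASIA" + secrets.token_hex(8).upper(),  # temporary key IDs start with ASIA
                "SecretAccessKey": secrets.token_urlsafe(30),
                "SessionToken": secrets.token_urlsafe(48),
                "Expiration": self.clock() + timedelta(seconds=DurationSeconds),
            },
            "AssumedRoleUser": {
                "Arn": f"arn:aws:sts::123456789012:assumed-role/platform-access-u-42/{RoleSessionName}"
            },
        }


class RoleCredentialProvider:
    """Caches one set of temporary credentials and re-assumes the role near expiry."""
    def __init__(self, sts, role_arn: str, external_id: str, session_name: str,
                 clock: Callable[[], datetime] = lambda: datetime.now(timezone.utc)):
        self.sts, self.role_arn, self.external_id = sts, role_arn, external_id
        self.session_name, self.clock = session_name, clock
        self._creds: Optional[Dict] = None

    def _needs_refresh(self) -> bool:
        if self._creds is None:
            return True
        return self.clock() >= self._creds["Expiration"] - timedelta(seconds=REFRESH_MARGIN_SECONDS)

    def credentials(self) -> Dict:
        if self._needs_refresh():
            resp = self.sts.assume_role(
                RoleArn=self.role_arn,
                RoleSessionName=self.session_name,   # visible in the customer's audit log
                ExternalId=self.external_id,
                DurationSeconds=SESSION_SECONDS,
            )
            self._creds = resp["Credentials"]
        return self._creds


def simulate(advance_minutes: int) -> int:
    """Fetch credentials, advance the clock, fetch again; return total AssumeRole calls."""
    clock = ManualClock(datetime(2024, 1, 1, tzinfo=timezone.utc))
    sts = FakeSTS(clock, EXTERNAL_ID)
    provider = RoleCredentialProvider(sts, ROLE_ARN, EXTERNAL_ID, "platform-u-42", clock=clock)
    provider.credentials()
    clock.advance(advance_minutes * 60)
    provider.credentials()
    return sts.calls


def wrong_external_id_is_denied() -> bool:
    """True if presenting the wrong ExternalId fails, as the trust policy intends."""
    clock = ManualClock(datetime(2024, 1, 1, tzinfo=timezone.utc))
    provider = RoleCredentialProvider(FakeSTS(clock, EXTERNAL_ID), ROLE_ARN, "not-the-id", "platform-u-42", clock=clock)
    try:
        provider.credentials()
        return False
    except PermissionError:
        return True


if __name__ == "__main__":
    print("calls after 20 min:", simulate(20))   # served from cache
    print("calls after 26 min:", simulate(26))   # inside the margin, re-assumed
    print("wrong ExternalId denied:", wrong_external_id_is_denied())
```

Refreshing a few minutes before expiry rather than on failure matters for long-running operations such as cluster creation: a request that starts with credentials about to expire can fail part-way through, and retrying it with fresh credentials is not always safe.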


Assume Role is a Best Practice and Secure Method According to AWS

  • Temporary Credentials Minimize Risk: Automatically expiring credentials limit the damage from accidental leaks or compromised tokens.

  • Controlled Permissions via IAM Roles: The user creates a role with fine-tuned permissions and trusts only the platform's AWS account to assume it.

  • No Need to Store Long-term Secrets: Neither the platform nor the user's devices have to manage or store permanent AWS credentials.

  • Automatic Credential Rotation: Just-in-time credential generation prevents stale or unused keys from lingering.

  • Separate Trust Boundaries: AssumeRole creates a trust relationship between the user's AWS account and the platform that can be audited and revoked independently.

  • AWS CloudFormation Automates Role Creation: Deploying the IAM role from a CloudFormation template keeps the setup consistent and avoids manual errors.
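The "Audit and Compliance" point above and the "Separate Trust Boundaries" point here both rest on the user being able to see, in their own account, who assumed the role. The following Python is an added example, not platform code: it audits AssumeRole records in the field layout that CloudTrail uses for cross-account AssumeRole calls and flags calls from an unexpected account, calls that succeeded without the expected ExternalId, and denied attempts. The records are constructed for the example, and the account IDs, role ARN and ExternalId are placeholders.

```python
"""Audit who assumed the platform role, from constructed CloudTrail-shaped
records.  Added example, not platform code; IDs are placeholders."""
import json
from typing import Dict, List, Optional

EXPECTED_PLATFORM_ACCOUNT = "111122223333"                          # placeholder (assumption)
ROLE_ARN = "arn:aws:iam::123456789012:role/platform-access-u-42"  # placeholder (assumption)
EXPECTED_EXTERNAL_ID = "scf-example-id"                            # placeholder (assumption)


def _record(account: str, external_id: Optional[str], event_time: str,
            ip: str = "203.0.113.10", error: Optional[str] = None) -> Dict:
    """One constructed record in the shape of a cross-account AssumeRole event."""
    params = {"roleArn": ROLE_ARN, "roleSessionName": "platform-u-42", "durationSeconds": 1800}
    if external_id is not None:
        params["externalId"] = external_id
    rec = {
        "eventVersion": "1.08",
        "eventTime": event_time,
        "eventSource": "sts.amazonaws.com",
        "eventName": "AssumeRole",
        "sourceIPAddress": ip,
        # the calling account shows up as the identity in the customer's trail
        "userIdentity": {"type": "AWSAccount", "accountId": account, "principalId": "AROAEXAMPLEID:platform-u-42"},
        "requestParameters": params,
    }
    if error:
        rec["errorCode"] = error
    else:
        rec["responseElements"] = {"assumedRoleUser": {
            "arn": "arn:aws:sts::123456789012:assumed-role/platform-access-u-42/platform-u-42"}}
    return rec


# Constructed sample trail: one good call, one from a foreign account, one
# successful call without ExternalId, one denied attempt.
SAMPLE_TRAIL = json.dumps({"Records": [
    _record(EXPECTED_PLATFORM_ACCOUNT, EXPECTED_EXTERNAL_ID, "2024-01-01T10:00:00Z"),
    _record("999999999999", EXPECTED_EXTERNAL_ID, "2024-01-01T10:05:00Z", ip="198.51.100.7"),
    _record(EXPECTED_PLATFORM_ACCOUNT, None, "2024-01-01T10:10:00Z"),
    _record("999999999999", "guess", "2024-01-01T10:15:00Z", ip="198.51.100.7", error="AccessDenied"),
]})


def audit_assume_role(trail_json: str, expected_account: str, role_arn: str,
                      expected_external_id: str) -> Dict[str, List[str]]:
    """Return {'ok': [...], 'findings': [...]} for AssumeRole calls against role_arn."""
    ok: List[str] = []
    findings: List[str] = []
    for rec in json.loads(trail_json)["Records"]:
        if rec.get("eventSource") != "sts.amazonaws.com" or rec.get("eventName") != "AssumeRole":
            continue
        params = rec.get("requestParameters", {})
        if params.get("roleArn") != role_arn:
            continue
        when, who, ip = rec["eventTime"], rec["userIdentity"].get("accountId"), rec.get("sourceIPAddress")
        if "errorCode" in rec:
            findings.append(f"{when}: denied AssumeRole attempt from {who} ({ip}): {rec['errorCode']}")
        elif who != expected_account:
            findings.append(f"{when}: role assumed from unexpected account {who} ({ip})")
        elif params.get("externalId") != expected_external_id:
            # a *successful* call without the ExternalId means the trust policy does not require it
            findings.append(f"{when}: AssumeRole succeeded without the expected ExternalId ({ip})")
        else:
            ok.append(f"{when}: {params.get('roleSessionName')} from {who} ({ip})")
    return {"ok": ok, "findings": findings}


if __name__ == "__main__":
    result = audit_assume_role(SAMPLE_TRAIL, EXPECTED_PLATFORM_ACCOUNT, ROLE_ARN, EXPECTED_EXTERNAL_ID)
    for line in result["ok"]:
        print("OK      ", line)
    for line in result["findings"]:
        print("FINDING ", line)
```

Because the trust relationship lives in the user's account, revocation is equally one-sided: removing the platform's principal from the role's trust policy (or deleting the stack) stops new AssumeRole calls immediately, and any sessions already issued lapse when their short lifetime ends.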

