Add account

An account is used to establish communication between the senhasegura and the Cloud Service Provider so that users can manage their credentials and virtual machines.

info

The Cloud module will only request the necessary permissions, avoiding excess privileges.

Register account

To register an account, follow the menu Cloud ➔ Settings ➔ Accounts.

1. Click on the actions button and select the option Add account.

2. On the Settings tab, fill in the following fields

3. Fill in the fields Description and Tags

4. Check the box for the Cloud Provider to be configured and fill in the following fields:

   1. AWS:

      1. Fill in the field Access Key with the AWS Access Key ID

      2. Fill in the field Secret Access Key with the secret of the AWS access key

      3. Fill in the field Default Region with the default region of the AWS account

      4. Check the box OpsWorks - Configuration management if you want to manage AWS OpsWorks users' SSH sessions and keys

   2. Google Cloud:

      1. Select the file with the access key to the Google Cloud account

      2. To finish click on Confirm.

   3. Azure:

      1. Fill in the directory (tenant) ID fields

      2. Fill in the Application Client ID and Client Secret

      3. Select an access group

5. Finally, click on Confirm.

Create AWS Access Key

To generate an AWS access key so that you can register it with senhasegura Cloud, follow the steps below:

1. Log into your AWS account: https://console.aws.amazon.com/

2. Locate the service Identity and Access Management (IAM)

3. On the left side, click on Users

4. Click the Add user button

5. Fill in the field User name and under Access type check the option Programmatic access and click on the button Next: Permissions

6. Select the Attach existing policies directly option and add the AdministratorAccess policy

7. Click on the button Next: Tags

8. Insert the tags (optional) and click on the button Next: Review

9. Finally, click on the button Create user.

10. Copy the values of the Access key ID and Secret access key

Create Google Cloud Access Key

To generate a Google Cloud access key so that you can register it with the senhasegura Cloud, please sign in to your Google Cloud account¹

1. Create a Service account

   1. Select an existing project or create a new one

   2. From the navigation menu, choose the IAM & Admin, Service Accounts option

   3. Click the CREATE SERVICE ACCOUNT button

   4. Fill in the Service account name fields and click the CREATE button

   5. Click the DONE button

2. Generate Access Key

   1. In the Service Accounts menu, click on the service account we have just created

   2. Click the ADD KEY button and select the Create new key option

   3. Select the JSON option and click the CREATE button

   4. Finally, save the key in a safe place

3. Habilitar APIs

   1. In the APIs & Services ➔ Library menu

   2. Find the APIs listed below and click the ENABLE button

      • Cloud Resource Manager API

      • Cloud Asset API

      • Identity and Access Management (IAM) API

4. Create a custom Role

   1. In the project selection, select the Organization and click on the Roles service in the side menu

   2. Click the CREATE ROLE button and fill in the fields

      1. Title with the name of the role you want to create

      2. Click the ADD PERMISSIONS button and add the following permissions:

         • iam.roles.list

         • iam.serviceAccountKeys.create

         • iam.serviceAccountKeys.delete

         • iam.serviceAccountKeys.get

         • iam.serviceAccountKeys.list

         • iam.serviceAccounts.create

         • iam.serviceAccounts.delete

         • iam.serviceAccounts.get

         • iam.serviceAccounts.list

         • resourcemanager.organizations.get

         • resourcemanager.organizations.getIamPolicy

         • resourcemanager.organizations.setIamPolicy

         • resourcemanager.projects.get

         • resourcemanager.projects.getIamPolicy

         • resourcemanager.projects.list

         • resourcemanager.projects.setIamPolicy

      3. Finally, click the CREATE button

5. Add service account at Organization

   1. Click on the IAM service in the side menu

   2. Click the ADD button at the top of the page

   3. Enter in the field New members the address of the service account you just created

   4. No field Select a role, select a previously created role

   5. Click the SAVE button

Create Azure Access Key

To generate an Azure access key so that you can register it with the senhasegura Cloud, please sign in to your Azure account.

1. Create a service account

   1. Log into your Azure account: ²

   2. Locate the service Azure Active Directory

   3. In the menu located on the left side, click on Application register

   4. Click in new register

   5. Fill the Name, Support account type and URI redirect fields.

   6. Click the Register button

2. In Azure, select:

   1. In the menu located on the left side, click in API permissions

   2. Select the Microsoft Graph

   3. The requested permissions are

      • Directory Role:

        • Global Administrator

        • Tenant root group role

        • Owner

      • API permissions:

        • Delegated:

          • Directory.AccessAsUser.All

        • Application:

          • Application.ReadWrite.All

          • AppRoleAssignment.ReadWrite.All

          • Directory.Read.All

          • Directory.ReadWrite.All

          • Organization.ReadWrite.All

          • RoleManagement.ReadWrite.Directory

          • User.ManageIdentities.All

          • User.ReadWrite.All