Add account
An account is used to establish communication between senhasegura and the Cloud Service Provider so that users can manage their credentials and virtual machines.
The Cloud module will only request the necessary permissions, avoiding excess privileges.
Register account
To register an account, follow the menu Cloud ➔ Settings ➔ Accounts.
Click on the actions button and select the option Add account.
On the Settings tab, fill in the following fields:
Fill in the fields Description and Tags
Check the box for the Cloud Provider to be configured and fill in the following fields:
AWS:
Fill in the field Access Key with the AWS Access Key ID
Fill in the field Secret Access Key with the secret of the AWS access key
Fill in the field Default Region with the default region of the AWS account
Check the box OpsWorks - Configuration management if you want to manage AWS OpsWorks users' SSH sessions and keys
Google Cloud:
Select the file with the access key to the Google Cloud account
To finish, click on Confirm.
Azure:
Fill in the Directory (tenant) ID field
Fill in the Application Client ID and Client Secret
Select an access group
Finally, click on Confirm.
Create AWS Access Key
To generate an AWS access key so that you can register it with senhasegura Cloud, follow the steps below:
Log into your AWS account: https://console.aws.amazon.com/
Locate the service Identity and Access Management (IAM)
On the left side, click on Users
Click the Add user button
Fill in the field User name and under Access type check the option Programmatic access and click on the button Next: Permissions
Select the Attach existing policies directly option and add the AdministratorAccess policy
Click on the button Next: Tags
Insert the tags (optional) and click on the button Next: Review
Finally, click on the button Create user.
Copy the values of the Access key ID and Secret access key
Create Google Cloud Access Key
To generate a Google Cloud access key so that you can register it with the senhasegura Cloud, please sign in to your Google Cloud account.
Create a Service account
Select an existing project or create a new one
From the navigation menu, choose the IAM & Admin, Service Accounts option
Click the CREATE SERVICE ACCOUNT button
Fill in the Service account name field and click the CREATE button
Click the DONE button
Generate Access Key
In the Service Accounts menu, click on the service account we have just created
Click the ADD KEY button and select the Create new key option
Select the JSON option and click the CREATE button
Finally, save the key in a safe place
Enable APIs
Open the APIs & Services ➔ Library menu
Find each of the APIs listed below and click the ENABLE button
Cloud Resource Manager API
Cloud Asset API
Identity and Access Management (IAM) API
Create a custom Role
In the project selection, select the Organization and click on the Roles service in the side menu
Click the CREATE ROLE button and fill in the fields
Title with the name of the role you want to create
Click the ADD PERMISSIONS button and add the following permissions:
iam.roles.list
iam.serviceAccountKeys.create
iam.serviceAccountKeys.delete
iam.serviceAccountKeys.get
iam.serviceAccountKeys.list
iam.serviceAccounts.create
iam.serviceAccounts.delete
iam.serviceAccounts.get
iam.serviceAccounts.list
resourcemanager.organizations.get
resourcemanager.organizations.getIamPolicy
resourcemanager.organizations.setIamPolicy
resourcemanager.projects.get
resourcemanager.projects.getIamPolicy
resourcemanager.projects.list
resourcemanager.projects.setIamPolicy
Finally, click the CREATE button
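To confirm that the role created above carries exactly the permissions listed and nothing more, the following added example (not senhasegura's or Google's own code) compares a role definition against that list. It assumes the role was exported as JSON, for instance with `gcloud iam roles describe ROLE_ID --organization=ORG_ID --format=json`; the role name and organization ID in the sample are constructed placeholders.

```python
import json

# The 16 permissions this page lists for the custom role.
EXPECTED = frozenset("""
iam.roles.list
iam.serviceAccountKeys.create iam.serviceAccountKeys.delete
iam.serviceAccountKeys.get iam.serviceAccountKeys.list
iam.serviceAccounts.create iam.serviceAccounts.delete
iam.serviceAccounts.get iam.serviceAccounts.list
resourcemanager.organizations.get
resourcemanager.organizations.getIamPolicy
resourcemanager.organizations.setIamPolicy
resourcemanager.projects.get resourcemanager.projects.getIamPolicy
resourcemanager.projects.list resourcemanager.projects.setIamPolicy
""".split())

# Constructed sample in the shape of an exported role definition:
# one documented permission is missing and one extra permission was added.
SAMPLE_ROLE = json.dumps({
    "name": "organizations/000000000000/roles/example_role",  # placeholder
    "title": "example-role",
    "includedPermissions": sorted(EXPECTED - {"iam.roles.list"})
                           + ["iam.serviceAccounts.actAs"],
})


def audit_role(role_json):
    """Diff a role's includedPermissions against the documented list."""
    role = json.loads(role_json)
    granted = set(role.get("includedPermissions", []))
    return {
        "role": role.get("name", "<unknown>"),
        "missing": sorted(EXPECTED - granted),  # listed on the page, not granted
        "excess": sorted(granted - EXPECTED),   # granted, not listed on the page
        # Permissions that can rewrite IAM policy: worth alerting on their use.
        "policy_writers": sorted(p for p in granted if p.endswith(".setIamPolicy")),
        "compliant": granted == EXPECTED,
    }


if __name__ == "__main__":
    report = audit_role(SAMPLE_ROLE)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Running the same check on a schedule catches permissions added to the role after the initial setup.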
Add service account at Organization
Click on the IAM service in the side menu
Click the ADD button at the top of the page
Enter in the field New members the address of the service account you just created
In the field Select a role, select the previously created role
Click the SAVE button
Create Azure Access Key
To generate an Azure access key so that you can register it with the senhasegura Cloud, please sign in to your Azure account.
Create a service account
Log into your Azure account
Locate the service Azure Active Directory
In the menu located on the left side, click on App registrations
Click on New registration
Fill in the Name, Supported account types and Redirect URI fields.
Click the Register button
In Azure, select:
In the menu located on the left side, click on API permissions
Select Microsoft Graph
The requested permissions are:
Directory Role:
Global Administrator
Tenant root group role
Owner
API permissions:
Delegated:
Directory.AccessAsUser.All
Application:
Application.ReadWrite.All
AppRoleAssignment.ReadWrite.All
Directory.Read.All
Directory.ReadWrite.All
Organization.ReadWrite.All
RoleManagement.ReadWrite.Directory
User.ManageIdentities.All
User.ReadWrite.All
Cloud Audit Report
This report, located at Cloud ➔ Audit, is primarily intended to give the Cloud module user or administrator the ability to track and audit how major operations were performed, including changes.
Cloud IAM Operations
ID: The operation ID
Operation: Refers to which type of operation was performed in the system
Entity: Which entity the account belongs to
Entity Name: The name of the entity the account belongs to
Account: Which account is associated with the cloud account
Cloud Provider: What type of Cloud is being used
Username: The name of the user who performed an operation
Username system: The username in the senhasegura system
IP: Network address used to access the senhasegura system
Date/Time: When this operation was performed
Action: View cloud operation details