Account
The account is used to establish communication between the senhasegura and the Cloud Service Provider. Throught it you can manage the users, service accounts and cloud credentials and access keys.
The Cloud IAM will request only the necessary permissions, avoiding excess privileges.
Connect an account
To connect an account, follow the menu Cloud IAM ➔ Settings ➔ Accounts.
- Click on the actions button and select the option Add account.
- On the Settings tab, fill in the following fields:
- Fill in the fields Description and Tags
- Check the box for the Cloud Provider to be configured and fill in the following fields:
- AWS:
- View the JSON file to view the required permissions
- Fill in the field Access Key with the AWS Access Key ID
- Fill in the field Secret Access Key with the secret of the AWS access key
- Fill in the field Default Region with the default region of the AWS account
- Check the box OpsWorks - Configuration management if you want to manage AWS OpsWorks users' SSH sessions and keys
- Google Cloud:
- Select the file with the access key to the Google Cloud account
- To finish click on Confirm.
- Azure:
- Fill in the directory (tenant) ID fields
- Fill in the Application Client ID and Client Secret
- Select an access group
- AWS:
- Finally, click on Confirm
Create AWS Access Key
To generate an AWS access key so that you can register it with senhasegura Cloud, follow the steps below:
- Log into your AWS account: console.aws.amazon.com
- Locate the service Identity and Access Management (IAM)
- On the left side, click on Users
- Click the Add user button
- Fill in the field User name and under Access type check the option Programmatic access and click on the button Next: Permissions
- Select the Attach existing policies directly option and add the AdministratorAccess policy
- Click on the button Next: Tags
- Insert the tags (optional) and click on the button Next: Review
- Finally, click on the button Create user.
- Copy the values of the Access key ID and Secret access key
Create Google Cloud Access Key
To generate a Google Cloud access key so that you can register it with the senhasegura Cloud, please sign in to your Google Cloud account
- Create a custom Role
- Log in your Google Cloud account (console.cloud.google.com)
- In the project selection, select the Organization and click on the Roles service in the side menu
- Click the CREATE ROLE button and fill in the fields
- Title with the name of the role you want to create
- Click the ADD PERMISSIONS button and add the following permissions:
- iam.roles.list
- iam.serviceAccountKeys.create
- iam.serviceAccountKeys.delete
- iam.serviceAccountKeys.get
- iam.serviceAccountKeys.list
- iam.serviceAccounts.create
- iam.serviceAccounts.delete
- iam.serviceAccounts.get
- iam.serviceAccounts.list
- resourcemanager.organizations.get
- resourcemanager.organizations.getIamPolicy
- resourcemanager.organizations.setIamPolicy
- resourcemanager.projects.get
- resourcemanager.projects.getIamPolicy
- resourcemanager.projects.list
- resourcemanager.projects.setIamPolicy
- Finally, click on the CREATE button
- Create a Service account
- Select an existing project or create a new one
- From the navigation menu, choose the IAM & Admin, Service Accounts option
- Click the CREATE SERVICE ACCOUNT button
- Fill in the Service account name fields and click the CREATE button
- Click the DONE button
- Generate Access Key
- In the Service Accounts menu, click on the service account we have just created
- Click the ADD KEY button and select the Create new key option
- Select the JSON option and click the CREATE button
- Finally, save the key in a safe place
- Habilitar APIs
- In the APIs & Services ➔ Library menu
- Find the APIs listed below and click the ENABLE button
- Cloud Resource Manager API
- Cloud Asset API
- Identity and Access Management (IAM) API
- Add service account at Organization
- Click on the IAM service in the side menu
- Click the ADD button at the top of the page
- Enter in the field New members the address of the service account you just created
- No field Select a role, select a previously created role
- Click the SAVE button
Create Azure Access Key
To generate an Azure access key so that you can register it with the senhasegura Cloud, please sign in to your Azure account.
- Create a service account
- Log into your Azure account: portal.azure.com
- Locate the service Azure Active Directory
- In the menu located on the left side, click on Application register
- Click in new register
- Fill the Name, Support account type and URI redirect fields.
- Click the Register button
- In Azure, select:
- In the menu located on the left side, click in API permissions
- Select the Microsoft Graph
- The requested permissions are:
- Directory Role:
- Global Administrator
- Tenant root group role
- Owner
- API permissions:
- Delegated:
- Directory.AccessAsUser.All
- Application:
- Application.ReadWrite.All
- AppRoleAssignment.ReadWrite.All
- Directory.Read.All
- Directory.ReadWrite.All
- Organization.ReadWrite.All
- RoleManagement.ReadWrite.Directory
- User.ManageIdentities.All
- User.ReadWrite.All
- Delegated:
- Directory Role:
Cloud Audit Report
This report located at Cloud IAM ➔ Audit is primarily intended to provide the Cloud module user or administrator with the ability to track and audit how major operations performed, including changes.
Cloud IAM Operations
ID: It is the operation ID Operation: Refers to which type of operation was performed in the system Entity: Which entity the account belongs to Entity Name: The name of the entity the account belongs to Account: Which account is associated with the cloud account Cloud Provider: What type of Cloud is being used Username: The name of the user who performed an operation Username system: The username in the senhasegura system IP: Network address used to access the senhasegura system Date/Time: When this operation was performed Action: View cloud operation details