
Cloud Provider


In this guide we're going to learn how to add a cloud provider to a StarTree Cloud account. You will need to have created an organization and user.

StarTree supports AWS and GCP as cloud providers. You will need to configure a cloud provider before you can deploy an environment.

From the organizations screen, click the Cloud Providers tab. You will see the following screen:

[Screenshot: Cloud Provider]

Click on Create Cloud Provider in the top right. You will see the following screen:

[Screenshot: Select Cloud Provider]

Select your preferred cloud provider and then follow the appropriate instructions below.


StarTree Cloud expects to operate in a dedicated AWS account under your AWS Organization, so that nothing (quotas, permissions, billing, audits) collides with your existing workloads. This is a best practice for managing external vendors. For instructions on creating a new account, see the official AWS documentation.

Select the Delegated credential type. You will see the following screen:

[Screenshot: AWS Delegated Cloud Provider]

Enter a value for the AWS External ID.


This can be any value, but it's best if it's not easily guessable (e.g. a UUID). We'll need to use this value when we create the IAM Role later on in this guide.

Create an IAM Policy

In another browser tab, navigate to the IAM Policy management dashboard and open the JSON tab.

[Screenshot: Create an IAM Policy]

Copy the following JSON into the editor:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "autoscaling:*",
        "ec2:*",
        "eks:*",
        "iam:*",
        "sts:GetCallerIdentity",
        "tag:*",
        "s3:*"
      ],
      "Resource": "*"
    }
  ]
}

Click on Next: Tags and add tags for your own housekeeping. Click on Next: Review and enter a name and description for the policy.

[Screenshot: Review IAM Policy]

Once you've done this, click Create policy.

Create an IAM Role

Navigate to New Role from the AWS Console and pick “Another AWS account” as a type of trusted entity. Enter 819814149250 as “Account ID” and check the “Require external ID” option.

Go back to the StarTree Cloud UI and copy the AWS External ID onto your clipboard.

Return to the AWS Console and paste that value into the External ID field. Proceed by clicking on “Next: Permissions”.

[Screenshot: IAM Role]

In this next section, use the “filter policies” search bar to search for the policy created in the previous step. Once found, check it and click on “Next: Tags”. Feel free to add custom tags for your own housekeeping. Once you've done that, click on “Next: Review”. Enter a name of your preference for the role and click “Create role”.

[Screenshot: Create role]

A notification will confirm that the role was successfully created. Click on its name to access the role details page.

[Screenshot: Role confirmation]

Configure IAM Role ARN

Click on the role created above and in the Summary section copy the Role ARN field.

Go back to the StarTree Cloud UI and copy this value into the AWS Role Arn field. Enter a name for the cloud provider if you haven't already and click on the Create button.

Your cloud provider is now configured.
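To confirm that the role created above trusts only the StarTree account (819814149250) and enforces the external ID, its trust policy can be checked as sketched below. This is an added example, not StarTree's code: the function names, the sample external ID and the sample policies are constructed for illustration, and it assumes the trust policy has the JSON shape the AWS console generates for the “Another AWS account” option.

```python
import json

STARTREE_ACCOUNT_ID = "819814149250"  # trusted account ID given in this guide
TRUSTED = {STARTREE_ACCOUNT_ID, f"arn:aws:iam::{STARTREE_ACCOUNT_ID}:root"}

def as_list(value):  # IAM policy fields may hold one value or a list
    return value if isinstance(value, list) else [value]

def check_trust_policy(policy_json, expected_external_id):
    """Return a list of problems; an empty list means the policy matches the guide."""
    problems, trusts_startree = [], False
    for n, stmt in enumerate(as_list(json.loads(policy_json)["Statement"])):
        actions = set(as_list(stmt.get("Action", [])))
        if stmt.get("Effect") != "Allow" or not actions & {"sts:AssumeRole", "sts:*", "*"}:
            continue  # this statement does not grant role assumption
        principal = stmt.get("Principal", {})
        if principal == "*" or set(principal) - {"AWS"}:
            problems.append(f"statement {n}: principal is not limited to AWS accounts")
            continue
        for arn in as_list(principal.get("AWS", [])):
            if arn in TRUSTED:
                trusts_startree = True
            else:
                problems.append(f"statement {n}: unexpected principal {arn}")
        string_equals = stmt.get("Condition", {}).get("StringEquals", {})
        external_ids = as_list(string_equals.get("sts:ExternalId", []))
        if not external_ids:
            problems.append(f"statement {n}: no sts:ExternalId condition")
        elif external_ids != [expected_external_id]:
            problems.append(f"statement {n}: sts:ExternalId does not match the StarTree value")
    if not trusts_startree:
        problems.append("the StarTree account is not trusted by any statement")
    return problems

def make_policy(principal, condition=None):  # builds constructed sample policies
    stmt = {"Effect": "Allow", "Principal": principal, "Action": "sts:AssumeRole"}
    if condition:
        stmt["Condition"] = condition
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

EXTERNAL_ID = "3f6c1e0a-9b7d-4c55-8a21-5d0e7f4b2c19"  # constructed sample value
REQUIRE_ID = {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}}
STARTREE = {"AWS": f"arn:aws:iam::{STARTREE_ACCOUNT_ID}:root"}
GOOD = make_policy(STARTREE, REQUIRE_ID)
NO_EXTERNAL_ID = make_policy(STARTREE)   # "Require external ID" left unchecked
WILDCARD = make_policy("*", REQUIRE_ID)  # trust not limited to one account
if __name__ == "__main__":
    for name, doc in [("good", GOOD), ("no external id", NO_EXTERNAL_ID), ("wildcard", WILDCARD)]:
        print(name, "->", check_trust_policy(doc, EXTERNAL_ID) or "OK")
```

The trust policy of a real role can be exported for this check with `aws iam get-role --role-name <role-name> --query Role.AssumeRolePolicyDocument`.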