# Cloud Center Management Guide on the Elven Platform

In Elven Platform’s **Cloud Center**, your **Cloud** acts as the **bridge** between your **infrastructure** and **cloud providers** like **AWS**, **Azure**, or even **custom Clouds**. Here, **connecting**, **managing**, and **monitoring** your **environments** becomes simple and intuitive. Designed with a focus on **practicality**, the **Cloud Center** offers a **seamless experience** so you can **centralize** everything in one place, gaining **control** and **visibility** over your **resources**. Our goal is for you to focus your time on what truly matters: creating **amazing experiences** for your **users**, while we take care of the rest.

## **Accessing the Cloud Center**

* Navigate to the **main menu** and click on **Monitoring**.
* In the **submenu**, select the **Clouds** item.

## **Working with the Cloud Center**

In the **Cloud Center** of the **Monitoring module** on the **Elven Platform**, we provide a **Cloud Listing** designed to offer a clear and organized view of all configured **Clouds**. Here, you’ll find all the essential details, such as the **configuration name** and the associated **provider** (**AWS**, **Azure**, or even **custom options**), allowing for quick and accurate identification.

To make the experience even more efficient, you can use the **search field** to easily locate specific **Clouds**, or navigate through the **configuration pages** using the **pagination** feature.

Everything has been designed to simplify **Cloud management**. With just a few clicks, you can **edit** an existing configuration using the **pencil icon**, or **remove** unnecessary **Clouds** with the **trash icon**. Need to add a new **Cloud**? The **‘New’ button** is ready for you, redirecting you to the **creation form page**.

All of this was built to give you maximum **control** and **convenience**, making your **infrastructure management** straightforward and efficient.

The **New Cloud Configuration** in the **Monitoring module** of the **Elven Platform** makes the process of connecting to a **cloud provider** fast and intuitive. You can create a new **custom configuration**, defining all the necessary details to integrate providers like **AWS** or **Azure**.

## **Configuring a New AWS Cloud**

To create a **Cloud** for **AWS** on the **Elven Platform**, you need to fill in some essential information. First, under **Cloud Provider**, select the **AWS** option. Then, choose a **Name**, which will be the name of your **Cloud** within the platform. This name is important for organizing your **configurations** and simplifying **management**.

Next, you’ll need your **AWS credentials**: **Access Key ID** and **Secret Access Key**. These credentials belong to a **Programmatic User**, who must have specific **permissions** to integrate with the **Elven Platform**. For this, we use a special **policy** called **1p-agent**, which grants controlled access to resources like **EC2** and **Lambda**, along with **monitoring** (CloudWatch and CloudWatch Logs) and **configuration management** (SSM). As listed in the policy below, it also includes **S3** access and `Describe` calls for **RDS** and **ElastiCache**.

Once everything is filled out, simply click the **Save** button. From that moment, your **Cloud** will be ready to use within the platform, allowing you to **monitor** and **manage** your **AWS resources** efficiently and securely.

{% embed url="<https://demo.elven.works/demo/cmd37cjm709cyz70iok8gbxbz>" %}

### **1p-agent Policy**

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "ec2:RunInstances",
                "ec2:CreateVolume"
            ],
            "Resource": [
                "arn:aws:ec2:*:*:instance/*",
                "arn:aws:ec2:*:*:volume/*"
            ],
            "Condition": {
                "StringEquals": {
                    "aws:RequestTag/Owner": "1p-agent"
                },
                "ForAllValues:StringEquals": {
                    "aws:TagKeys": [
                        "Owner",
                        "Name",
                        "Environment"
                    ]
                }
            }
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "ec2:RevokeSecurityGroupIngress",
                "ec2:RebootInstances",
                "ec2:AuthorizeSecurityGroupEgress",
                "ec2:AuthorizeSecurityGroupIngress",
                "ec2:UpdateSecurityGroupRuleDescriptionsEgress",
                "ec2:TerminateInstances",
                "ec2:StartInstances",
                "ec2:RevokeSecurityGroupEgress",
                "ec2:DeleteSecurityGroup",
                "ec2:StopInstances",
                "ec2:UpdateSecurityGroupRuleDescriptionsIngress"
            ],
            "Resource": [
                "arn:aws:ec2:*:*:instance/*",
                "arn:aws:ec2:*:*:security-group/*"
            ],
            "Condition": {
                "StringEquals": {
                    "ec2:ResourceTag/Owner": "1p-agent"
                }
            }
        },
        {
            "Sid": "VisualEditor2",
            "Effect": "Allow",
            "Action": "ec2:RunInstances",
            "Resource": [
                "arn:aws:ec2:*:*:subnet/*",
                "arn:aws:ec2:*:*:key-pair/*",
                "arn:aws:ec2:*::snapshot/*",
                "arn:aws:ec2:*:*:security-group/*",
                "arn:aws:ec2:*:*:network-interface/*",
                "arn:aws:ec2:*::image/*"
            ]
        },
        {
            "Sid": "VisualEditor3",
            "Effect": "Allow",
            "Action": [
                "lambda:ListVersionsByFunction",
                "lambda:GetLayerVersion",
                "logs:*",
                "lambda:GetAccountSettings",
                "lambda:GetFunctionConfiguration",
                "lambda:GetLayerVersionPolicy",
                "lambda:ListProvisionedConcurrencyConfigs",
                "rds:Describe*",
                "lambda:GetProvisionedConcurrencyConfig",
                "lambda:ListTags",
                "ec2:CreateSecurityGroup",
                "lambda:ListLayerVersions",
                "lambda:ListLayers",
                "lambda:ListCodeSigningConfigs",
                "lambda:GetAlias",
                "lambda:ListFunctions",
                "s3:*",
                "lambda:GetEventSourceMapping",
                "lambda:GetFunction",
                "ec2:CreateTags",
                "lambda:ListAliases",
                "lambda:GetFunctionUrlConfig",
                "lambda:ListFunctionUrlConfigs",
                "elasticache:Describe*",
                "lambda:GetFunctionCodeSigningConfig",
                "lambda:ListFunctionEventInvokeConfigs",
                "ec2:Describe*",
                "lambda:ListFunctionsByCodeSigningConfig",
                "cloudwatch:*",
                "lambda:GetFunctionConcurrency",
                "lambda:GetFunctionEventInvokeConfig",
                "lambda:ListEventSourceMappings",
                "lambda:GetCodeSigningConfig",
                "lambda:GetPolicy"
            ],
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor4",
            "Effect": "Allow",
            "Action": [
                "iam:get*",
                "iam:list*"
            ],
            "Resource": "arn:aws:iam::*:user/${aws:username}"
        },
        {
            "Sid": "VisualEditor5",
            "Effect": "Allow",
            "Action": "ssm:*",
            "Resource": [
                "arn:aws:s3:::*",
                "arn:aws:ssm:*:*:opsmetadata/*",
                "arn:aws:ec2:*:*:instance/*",
                "arn:aws:ssm:*:*:parameter/*"
            ]
        }
    ]
}
```
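Before attaching a policy like this to a long-lived access key, it helps to list which `Allow` statements carry no `Condition`. The script below is an added example, not part of the Elven Platform or its documentation. It runs that check over a constructed excerpt of the policy above, with action lists shortened; the names `audit` and `as_list` are hypothetical.

```python
import json

# Constructed excerpt of the 1p-agent policy above (action lists shortened).
POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "VisualEditor1", "Effect": "Allow",
   "Action": ["ec2:TerminateInstances", "ec2:StopInstances"],
   "Resource": ["arn:aws:ec2:*:*:instance/*"],
   "Condition": {"StringEquals": {"ec2:ResourceTag/Owner": "1p-agent"}}},
  {"Sid": "VisualEditor3", "Effect": "Allow",
   "Action": ["logs:*", "rds:Describe*", "s3:*", "ec2:CreateTags", "cloudwatch:*"],
   "Resource": "*"},
  {"Sid": "VisualEditor4", "Effect": "Allow", "Action": ["iam:get*", "iam:list*"],
   "Resource": "arn:aws:iam::*:user/${aws:username}"},
  {"Sid": "VisualEditor5", "Effect": "Allow", "Action": "ssm:*",
   "Resource": ["arn:aws:ec2:*:*:instance/*", "arn:aws:ssm:*:*:parameter/*"]}
]}
""")

def as_list(value):
    """IAM accepts a bare string or object where a list is allowed; normalise."""
    return list(value) if isinstance(value, list) else [value]

def audit(policy):
    """Return sorted (sid, finding) pairs for Allow statements to review by hand."""
    stmts = [s for s in as_list(policy["Statement"]) if s.get("Effect") == "Allow"]
    # True when any statement scopes itself with a ResourceTag condition key.
    tag_scoped = any("resourcetag/" in key.lower()
                     for s in stmts
                     for block in s.get("Condition", {}).values()
                     for key in block)
    findings = set()
    for s in stmts:
        if s.get("Condition"):
            continue  # conditioned statements are out of scope for this check
        sid = s.get("Sid", "<no Sid>")
        any_resource = "*" in as_list(s.get("Resource", []))
        for action in map(str.lower, as_list(s.get("Action", []))):
            if action == "*" or action.endswith(":*"):
                scope = "on Resource *" if any_resource else "on ARN patterns"
                findings.add((sid, f"{action} {scope}, no Condition"))
            if tag_scoped and action in ("ec2:createtags", "ec2:*", "*"):
                findings.add((sid, f"{action} unconditioned; ResourceTag scoping depends on it"))
    return sorted(findings)

if __name__ == "__main__":
    for sid, finding in audit(POLICY):
        print(f"{sid}: {finding}")
```

Each finding is a prompt for review rather than a verdict: narrowing the `Resource` list or adding a `Condition` to the flagged statement clears it.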

## **Configuring a New Azure Cloud**

To create an **Azure Cloud** on the **Elven Platform**, you’ll need to fill in some essential information. First, under **Cloud Provider**, select the **Azure** option. Then, choose a **Name**, which will be the name of your **Cloud** within the platform. This name is fundamental for organizing your **configurations** and simplifying the **management** of your **resources**.

Next, you’ll need to provide your **Azure credentials**: **CLIENT\_ID**, **TENANT\_ID**, **SUBSCRIPTION\_ID**, and **CLIENT\_SECRET**. These credentials are linked to the **Service Principal** created in **Azure**, with specific **permissions** to integrate with the **Elven Platform**. They ensure secure access to your **Azure Cloud resources**, allowing you to **monitor** and **manage** services such as **virtual machines**, **databases**, and other **resources**.

Once all the information is filled out, simply click the **Save** button. From that moment, your **Azure Cloud** will be configured and ready to use within the platform, providing effective and secure **management** of your **Azure resources**.

{% embed url="<https://demo.elven.works/demo/cmd37cy8409jkz70ic2o7qxrw>" %}

## **Configuring a New Custom Cloud**

To create a **Custom Cloud** on the **Elven Platform**, you’ll need to fill in some essential information. First, under **Cloud Provider**, select the **Custom** option. Then, choose a **Name**, which will be the name of your **Cloud** within the platform. This name is fundamental for organizing your **configurations** and simplifying the **management** of your **resources**.

{% embed url="<https://demo.elven.works/demo/cm8hdkmxq023x7q3vgotxcgvs>" %}

## **Glossary of Technical Terms**

**Cloud Center**: The **cloud infrastructure management hub** on the **Elven Platform**. It’s where you can **connect**, **manage**, and **monitor** your **cloud environments**, such as **AWS**, **Azure**, or **custom Clouds**, centralizing all **resources** in a single location.

**Clouds**: Term used to describe **cloud provider configurations** on the **Elven Platform**. Here, you can **view**, **edit**, **remove**, or **add new Clouds** to manage your **infrastructure**.

**Cloud Provider**: The **cloud provider** to which the configuration connects, such as **AWS**, **Azure**, or **custom Clouds**. The provider defines the **resources** and **services** available to your **infrastructure**.

**Name**: Field where you define the **Cloud configuration name**, helping to identify and organize the different **Clouds** integrated into the platform.

**Access Key ID** and **Secret Access Key**: **Authentication credentials** required to establish a connection with the **cloud provider**, ensuring **security** and proper **resource access**.

**Cloud Infrastructure Management**: The process of **connecting**, **configuring**, and **monitoring** **cloud resources** within the **Elven Platform**, aiming for simplified and efficient **IT infrastructure management**.

**Client ID**: A unique identifier for an application registered in **Azure Active Directory (Azure AD)**. It is used to **authenticate** the application and allow it to access **Azure resources** on behalf of a user or **Service Principal**. This identifier is essential for secure communication between the platform and **Azure**.

**Tenant ID**: A unique identifier for the **Azure Active Directory (Azure AD) tenant** associated with your **Azure subscription**. It defines the scope where **identities** (users and applications) are located. The **Tenant ID** is required to associate the application with the correct **directory** and ensure secure access to **resources** within the tenant’s scope.

**Subscription ID**: A unique identifier for an **Azure subscription**. It links the application to the **resources** and **services** available within that subscription. Each **Azure subscription** is isolated, allowing you to manage **resources** independently across different accounts or environments. The **Subscription ID** is essential for directing application actions to the correct subscription.

**Client Secret**: A **secret key** associated with the application registered in **Azure Active Directory**. It functions like a **password** to authenticate the **Service Principal** and ensure the application has permission to access defined **resources**. The **Client Secret** must be kept secure, as it is essential for secure communication between the platform and **Azure**.

**Service Principal**: A **security identity** used by applications, services, or automations to access **resources** within **Azure**. It allows the application to **authenticate** and obtain specific **permissions** without requiring a real user.
