Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Add public cloud credentials for a tenant

...

See Add public cloud credentials for a tenant

To work with a public cloud region, each enterprise should have its own public cloud account for each cloud provider. All the users in the tenant will work with this same account. 

Panel
bgColor#FFFAE6

Privileges: Manage provider credentials

Before you begin:

  1. Obtain credentials to access the cloud provider's API. For Abiquo's basic guides, see Obtain public cloud credentials.  Always check your provider documentation too.

To add public cloud credentials:

  1. Go to Users → select and edit enterprise → Credentials → Public

  2. Enter the Credentials as described here

    1. Select the Provider: Some providers may require different credentials for groups of regions

    2. Enter the credentials as described in the table below

    3. If the customer account is under a provider partner account and will not have compute access, select Only for billing. 
      (warning) For a standalone customer account, see Add a customer AWS account for billing only.

    Image Removed
  3. Click Add account. The platform will validate your credentials with the cloud provider and save them

  4. Finish editing the enterprise and click Save

This will add a cloud provider account for a tenant enterprise with access to a public cloud region.

In resellers with Amazon, Azure ARM, and other partner accounts, to create a customer account in the provider and add it to an enterprise in the platform, click the enterprise building Create account button. See Create an account in public cloud for the customer of a reseller.

Public cloud credentials table

...

Attribute

...

Description

...

Compute Compute access

...

Access key ID

...

For compute access, identity to access the cloud provider API. For example, a username, API access key ID, subscription ID and certificate, or another account identifier.

For Azure, the format is subscription-id#app-id#tenant-id
For Google the format is project_id#client_id#client_email#private_key_id
For OCI, the format is tenancy#user#fingerprint

...

Secret access key

...

Key to access the cloud provider API. For example, an API key or other API credential. For Azure, enter the password for the app. For OCI enter the private key in PEM format.

...

Also use for pricing

...

Use this credential to access pricing data in the provider and for cost usage data for billing dashboards. For example, to get hardware profile prices from AWS or to obtain billing data from OCI. For Azure, add a separate pricing credential in a different format. The API user must have pricing and billing permissions in the provider

...

Billing only

...

Only for billing

...

If your customer is part of your reseller hierarchy AND their public cloud account is under your reseller or partner account AND they do not require compute access, then mark this checkbox AND enter the Access key ID as follows:

  • For Azure, the format is subscription-id##tenant-id

  • For AWS, the format is account-id

For these customers, for the Secret access key, you can enter a random string

...

Delete public cloud credentials

Note
  • We recommend that you wait until the end of the billing period to delete public cloud credentials.
    If you delete the public cloud credentials before the next billing check has been run after usage has ended, there may be missing costs in the bill

  • If you delete public cloud credentials, then you cannot delete the public cloud resources using Abiquo

To delete public cloud credentials:

  1. Go to Edit enterprise credentials

  2. Click the trash bin icon next to the provider name in the Current credentials section.

...

Create a user to access the cloud provider portal

Excerpt
nameCreate a user to access the cloud provider portal

When your enterprise has credentials for a public cloud provider, you can create a user account in a cloud provider. From here you can also click a link to access the cloud provider portal.

Abiquo displays the public cloud account identifiers on the Credentials tab.

Panel
bgColor#FFFAE6

Privileges: Manage user creation in provider

To create a user:

  1. Go to Users → Edit enterprise

  2. Go to Credentials

  3. For a provider with credentials that supports user creation, click Create user.
    The platform will send the following to the cloud provider:

    • Details from your user account, including the username and email

    • An automatically generated password

      • The administrator can configure the generation of the password with the "abiquo.guest.password.length" and "abiquo.guest.password.exclude" properties.

    The platform will create an event with the enterprise ID, user ID, user email, date/time, and cloud provider.
    The user in the provider will have the following permissions: 

    • Azure: built-in Owner role.

    • AWS: in the same groups as the current user.

    • vCloud: by default the same as the current user, so usually an Organization Administrator

      • The administrator can configure the role to assign with the "abiquo.vcd.org.userRoleName" property

  4. The platform displays the user credentials only once and it does not store these credentials

    Image Removed Display user credentials for the cloud portalImage Added

    To access the cloud provider portal, click user portal link or portal link

    • If you click portal link, on the Edit enterprise dialog, then you will need to enter your account ID and password in the cloud provider

...

Excerpt
nameSet enterprise properties to store tenant metadata

To store tenant details and metadata, by setting enterprise properties: 

  • Go to Users → edit enterprise → Properties.

  • To add properties, enter a Key and Value for each property and click the Add button

    • These fields have a maximum length of 255 characters each   

Image RemovedEdit an enterprise to add properties for details and metadataImage Added

To edit a property's Value, click the pencil edit button. And to delete a property, click the trash bin delete button.

Tip

To set default enterprises properties and values for your users, see Predefine enterprise properties for the UI .

For details of how to manage enterprise properties via the API, see Update enterprise properties via API .

To add tenant metadata to VMs, see Inject enterprise properties as VM variables.

...