Cloud Sources

How to use different types of cloud sources with Code Pipes

Cloud Account Credentials

GCP

To set up your GCP cloud account in Code Pipes, follow these steps:

  1. Go to the Code Pipes dashboard and click on "Add Cloud Source".

  2. Select "GCP" as the cloud provider.

  3. Provide the following information to authenticate with your GCP account:

    a. Service Account: Specify the location of your GCP service account key file in JSON format. You can either drag and drop the .JSON file or click the up arrow icon to browse for it. If you don't have a service account, you can create one in Google Cloud Platform (GCP) by following the steps in Creating and Managing Service Account Keys. After creating the service account, you will receive a JSON file containing the credentials. It is crucial to securely store this JSON file as it grants access to your GCP resources.

    b. GCP Permissions: Ensure that you have the necessary permissions to execute Terraform within your GCP account. We recommend assigning Project Editor permissions to your GCP service account.

  4. Provide the Project ID of your GCP project. Please ensure that you have already created this project within GCP.

  5. Specify the Cloud Account Name you would like Code Pipes to use for this cloud account.

By adding the GCP Cloud Source with the Service Account Key, appropriate permissions, Project ID, and Cloud Account Name, you will be able to authenticate and access your GCP resources within Code Pipes for streamlined integration and automation.
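A pre-upload check for the key file from step 3a, given here as an added example (not Code Pipes code). It confirms the file is a service account key, that its project_id matches the Project ID from step 4, and that the file is not readable by other local users. The sample key, its placeholder values and the function names are constructed for illustration.

```python
import json
import os
import stat
import tempfile

REQUIRED_FIELDS = ("private_key_id", "private_key", "client_email")

def check_key_file(path, expected_project_id):
    """Return findings for a service account key file before it is uploaded (POSIX modes)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"file mode {mode:04o} is open to group/other; restrict to 0600")
    try:
        with open(path, encoding="utf-8") as fh:
            key = json.load(fh)
    except json.JSONDecodeError:
        return findings + ["file is not valid JSON"]
    if not isinstance(key, dict):
        return findings + ["top-level JSON value is not an object"]
    if key.get("type") != "service_account":
        findings.append(f"type is {key.get('type')!r}, expected 'service_account'")
    for field in REQUIRED_FIELDS:
        if not key.get(field):
            findings.append(f"missing field {field}")
    if key.get("project_id") != expected_project_id:
        findings.append(f"project_id {key.get('project_id')!r} does not match "
                        f"the Project ID entered in step 4 ({expected_project_id!r})")
    return findings

def write_sample_key(directory, project_id, mode):
    """Write a constructed key file (placeholder values, no real key material)."""
    path = os.path.join(directory, "sample-key.json")
    sample = {
        "type": "service_account",
        "project_id": project_id,
        "private_key_id": "0000placeholder",
        "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
        "client_email": f"codepipes@{project_id}.iam.gserviceaccount.com",
    }
    with open(path, "w", encoding="utf-8") as fh:
        json.dump(sample, fh)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        key_path = write_sample_key(tmp, "example-project", 0o644)
        for finding in check_key_file(key_path, "prod-project"):
            print("FINDING:", finding)
```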


AWS

To add an AWS Cloud Source in Code Pipes, follow these steps:

  1. Go to the Code Pipes dashboard and click on "Add Cloud Source".

  2. Select "AWS" as the cloud provider.

  3. Choose the appropriate authentication method based on your requirements:

    a. Access Key and Secret: If you want to use an Access Key ID and Secret Access Key for authentication, provide the following information:

    • Access Key ID: Enter the Access Key ID associated with your AWS account.
    • Secret Access Key: Enter the Secret Access Key corresponding to the Access Key ID.

    b. Role ARN: If you prefer to use an AWS IAM role for authentication, provide the following information:

  4. Select the AWS region where your resources are located from the available options. This is important for Code Pipes to access and interact with the correct region in your AWS account.

  5. Provide a name for the AWS Cloud Source that will be used for identification within Code Pipes.

  6. Save the credentials.

By adding the AWS Cloud Source with either Access Key and Secret or Role ARN, along with specifying the AWS region, you will be able to authenticate and access your AWS resources within Code Pipes for seamless integration and automation.


Azure

To set up your Azure cloud account and Azure DevOps credentials in Code Pipes, follow these steps:

  1. Go to the Code Pipes dashboard and click on "Add Cloud Source".

  2. Select "Azure" as the cloud provider.

  3. Provide the following Azure portal details to authenticate with your Azure account:

    a. Subscription ID: Log in to the Azure Portal. From the Home page, click on "Subscriptions" and copy the Subscription ID of the subscription you want to add to Code Pipes.

    b. Application (Client) ID: Go to the Azure Portal Home page, navigate to "All Services" > "Azure Active Directory" > "App Registrations". Select an existing application or register a new application (e.g., CodePipes). Copy the Application (Client) ID of the newly registered application. Note that you need to grant the application appropriate permissions through Role assignments to work with the current Azure subscription.

    c. Directory (Tenant) ID: In the Azure Active Directory of the application, copy the Directory (Tenant) ID.

    d. Client Secret: Go to the newly registered application in Azure Active Directory. Navigate to "Certificates & Secrets" > "Create new client secret". Fill in the required information and click "Add". The client secret will be displayed. Copy the client secret from the Value column.

  4. Provide the Azure DevOps details:

    a. Organization Name: Log in to Azure DevOps and copy the organization name from the Home page.

    b. Personal Access Token (PAT): Once you are logged in to Azure DevOps, click on the User settings icon in the top-right corner. Go to "Personal access tokens" and generate a token with all the necessary permissions. Copy and paste the PAT.

    c. Project Name: From within Azure DevOps, select the organization you specified above and copy the name of the Azure DevOps project you want to use.

  5. For Azure resource group credentials, you need to create a resource group with any name (e.g., codepipes) and apply a role with the following permissions:

"permissions": [
  {
    "actions": [
      "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
      "Microsoft.Storage/storageAccounts/blobServices/containers/read",
      "Microsoft.Storage/storageAccounts/blobServices/containers/write",
      "Microsoft.Storage/storageAccounts/blobServices/generateUserDelegationKey/action",
      "Microsoft.ServiceBus/checkNamespaceAvailability/action",
      "Microsoft.ServiceBus/checkNameAvailability/action",
      "Microsoft.ServiceBus/register/action",
      "Microsoft.ServiceBus/unregister/action",
      "Microsoft.ServiceBus/namespaces/write",
      "Microsoft.ServiceBus/namespaces/read",
      "Microsoft.ServiceBus/namespaces/Delete",
      "Microsoft.ServiceBus/namespaces/authorizationRules/action",
      "Microsoft.ServiceBus/namespaces/migrate/action",
      "Microsoft.ServiceBus/namespaces/removeAcsNamepsace/action",
      "Microsoft.ServiceBus/namespaces/privateEndpointConnectionsApproval/action",
      "Microsoft.ServiceBus/namespaces/authorizationRules/write",
      "Microsoft.ServiceBus/namespaces/authorizationRules/read",
      "Microsoft.ServiceBus/namespaces/authorizationRules/delete",
      "Microsoft.ServiceBus/namespaces/authorizationRules/listkeys/action",
      "Microsoft.ServiceBus/namespaces/authorizationRules/regenerateKeys/action",
      "Microsoft.ServiceBus/namespaces/disasterrecoveryconfigs/checkNameAvailability/action",
      "Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs/write",
      "Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs/read",
      "Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs/delete",
      "Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs/breakPairing/action",
      "Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs/failover/action",
      "Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs/authorizationRules/read",
      "Microsoft.ServiceBus/namespaces/disasterRecoveryConfigs/authorizationRules/listkeys/action",
      "Microsoft.ServiceBus/namespaces/eventGridFilters/write",
      "Microsoft.ServiceBus/namespaces/eventGridFilters/read",
      "Microsoft.ServiceBus/namespaces/eventGridFilters/delete",
      "Microsoft.ServiceBus/namespaces/eventhubs/read",
      "Microsoft.ServiceBus/namespaces/ipFilterRules/read",
      "Microsoft.ServiceBus/namespaces/ipFilterRules/write",
      "Microsoft.ServiceBus/namespaces/ipFilterRules/delete",
      "Microsoft.ServiceBus/namespaces/migrationConfigurations/write",
      "Microsoft.ServiceBus/namespaces/migrationConfigurations/read",
      "Microsoft.ServiceBus/namespaces/migrationConfigurations/delete",
      "Microsoft.ServiceBus/namespaces/migrationConfigurations/revert/action",
      "Microsoft.ServiceBus/namespaces/migrationConfigurations/upgrade/action",
      "Microsoft.ServiceBus/namespaces/messagingPlan/read",
      "Microsoft.ServiceBus/namespaces/messagingPlan/write",
      "Microsoft.ServiceBus/namespaces/operationresults/read",
      "Microsoft.ServiceBus/namespaces/skus/read",
      "Microsoft.ServiceBus/namespaces/providers/Microsoft.Insights/diagnosticSettings/read",
      "Microsoft.ServiceBus/namespaces/providers/Microsoft.Insights/diagnosticSettings/write",
      "Microsoft.ServiceBus/namespaces/providers/Microsoft.Insights/logDefinitions/read",
      "Microsoft.ServiceBus/namespaces/providers/Microsoft.Insights/metricDefinitions/read",
      "Microsoft.ServiceBus/namespaces/networkruleset/read",
      "Microsoft.ServiceBus/namespaces/networkruleset/write",
      "Microsoft.ServiceBus/namespaces/networkruleset/delete",
      "Microsoft.ServiceBus/namespaces/networkrulesets/read",
      "Microsoft.ServiceBus/namespaces/networkrulesets/write",
      "Microsoft.ServiceBus/namespaces/networkrulesets/delete",
      "Microsoft.ServiceBus/namespaces/privateEndpointConnections/read",
      "Microsoft.ServiceBus/namespaces/privateEndpointConnections/write",
      "Microsoft.ServiceBus/namespaces/privateEndpointConnections/delete",
      "Microsoft.ServiceBus/namespaces/privateEndpointConnections/operationstatus/read",
      "Microsoft.ServiceBus/namespaces/privateEndpointConnectionProxies/validate/action",
      "Microsoft.ServiceBus/namespaces/privateEndpointConnectionProxies/read",
      "Microsoft.ServiceBus/namespaces/privateEndpointConnectionProxies/write",
      "Microsoft.ServiceBus/namespaces/privateEndpointConnectionProxies/delete",
      "Microsoft.ServiceBus/namespaces/privateEndpointConnectionProxies/operationstatus/read",
      "Microsoft.ServiceBus/namespaces/privateLinkResources/read",
      "Microsoft.ServiceBus/namespaces/queues/write",
      "Microsoft.ServiceBus/namespaces/queues/read",
      "Microsoft.ServiceBus/namespaces/queues/Delete",
      "Microsoft.ServiceBus/namespaces/queues/authorizationRules/action",
      "Microsoft.ServiceBus/namespaces/queues/authorizationRules/write",
      "Microsoft.ServiceBus/namespaces/queues/authorizationRules/read",
      "Microsoft.ServiceBus/namespaces/queues/authorizationRules/delete",
      "Microsoft.ServiceBus/namespaces/queues/authorizationRules/listkeys/action",
      "Microsoft.ServiceBus/namespaces/queues/authorizationRules/regenerateKeys/action",
      "Microsoft.ServiceBus/namespaces/topics/write",
      "Microsoft.ServiceBus/namespaces/topics/read",
      "Microsoft.ServiceBus/namespaces/topics/Delete",
      "Microsoft.ServiceBus/namespaces/topics/authorizationRules/action",
      "Microsoft.ServiceBus/namespaces/topics/authorizationRules/write",
      "Microsoft.ServiceBus/namespaces/topics/authorizationRules/read",
      "Microsoft.ServiceBus/namespaces/topics/authorizationRules/delete",
      "Microsoft.ServiceBus/namespaces/topics/authorizationRules/listkeys/action",
      "Microsoft.ServiceBus/namespaces/topics/authorizationRules/regenerateKeys/action",
      "Microsoft.ServiceBus/namespaces/topics/subscriptions/write",
      "Microsoft.ServiceBus/namespaces/topics/subscriptions/read",
      "Microsoft.ServiceBus/namespaces/topics/subscriptions/Delete",
      "Microsoft.ServiceBus/namespaces/topics/subscriptions/rules/write",
      "Microsoft.ServiceBus/namespaces/topics/subscriptions/rules/read",
      "Microsoft.ServiceBus/namespaces/topics/subscriptions/rules/Delete",
      "Microsoft.ServiceBus/namespaces/virtualNetworkRules/read",
      "Microsoft.ServiceBus/namespaces/virtualNetworkRules/write",
      "Microsoft.ServiceBus/namespaces/virtualNetworkRules/delete",
      "Microsoft.ServiceBus/operations/read",
      "Microsoft.ServiceBus/locations/deleteVirtualNetworkOrSubnets/action",
      "Microsoft.ServiceBus/sku/read",
      "Microsoft.ServiceBus/sku/regions/read"
    ],
    "notActions": [],
    "dataActions": [
      "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/read",
      "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/delete",
      "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write",
      "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/add/action",
      "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/move/action",
      "Microsoft.ServiceBus/namespaces/messages/send/action",
      "Microsoft.ServiceBus/namespaces/messages/receive/action"
    ],
    "notDataActions": []
  }
]

These permissions are required for Code Pipes to interact with Azure resources, including storage accounts and service bus namespaces.

Please note that it's important to review and fine-tune the permissions according to your specific requirements and security guidelines.
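One way to carry out that review, as an added example (not Code Pipes code): parse the role's permissions block and group the entries that deserve a closer look. The review categories and their patterns are assumptions chosen for this example, and the embedded JSON is a constructed excerpt of the list above.

```python
import json
from fnmatch import fnmatchcase

# Constructed excerpt of the permissions block above (a subset of its entries).
ROLE_JSON = """
{"permissions": [{
  "actions": [
    "Microsoft.Storage/storageAccounts/blobServices/containers/delete",
    "Microsoft.Storage/storageAccounts/blobServices/containers/read",
    "Microsoft.ServiceBus/namespaces/read",
    "Microsoft.ServiceBus/namespaces/Delete",
    "Microsoft.ServiceBus/namespaces/authorizationRules/listkeys/action",
    "Microsoft.ServiceBus/namespaces/authorizationRules/regenerateKeys/action",
    "Microsoft.ServiceBus/namespaces/networkrulesets/write"
  ],
  "notActions": [],
  "dataActions": ["Microsoft.ServiceBus/namespaces/messages/send/action"],
  "notDataActions": []
}]}
"""

# Review categories for this example (an assumption, not an Azure or Code Pipes list).
# Patterns are lowercase because the list mixes "Delete" and "delete".
CATEGORIES = {
    "credential-exposure": ["*/listkeys/action", "*/regeneratekeys/action",
                            "*/generateuserdelegationkey/action"],
    "destructive": ["*/delete"],
    "network-boundary": ["*/networkruleset*/write", "*/ipfilterrules/write",
                         "*/virtualnetworkrules/write",
                         "*/privateendpointconnection*/write"],
    "wildcard": ["*[*]*"],  # any entry that itself contains a '*'
}

def audit_role(role_json):
    """Return {category: [actions]} for control-plane and data-plane entries to review."""
    findings = {}
    for block in json.loads(role_json)["permissions"]:
        for action in block.get("actions", []) + block.get("dataActions", []):
            lowered = action.lower()
            for category, patterns in CATEGORIES.items():
                if any(fnmatchcase(lowered, p) for p in patterns):
                    findings.setdefault(category, []).append(action)
    return findings

if __name__ == "__main__":
    for category, actions in audit_role(ROLE_JSON).items():
        print(category)
        for action in actions:
            print("  ", action)
```

Run it against the full block to see which entries can return or rotate keys, delete resources, or change network rules, then decide whether your pipelines need each one.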
