# Cloud Authorizations
Zeeve allows you to authorize multiple cloud accounts of yours so as to create networks in the cloud of your choice. You may choose to deploy some nodes of network on one cloud and extend some nodes of the same on another. This cross cloud deployment maybe a major requirement for your usecase or clients especially for creating/expanding consortiums.
Zeeve supports a list of cloud for you to choose from. You can authorize multiple clouds and choose between them at the time of creating networks or nodes. Following is the list of currently supported clouds:-
- AWS
- Digital Ocean
INTERESTING FACT: Zeeve doesn't use blockchain services of any of the supported cloud platforms, and hence is not restricted for the level of features it can provide for a protocol on any cloud.
# AWS Authorization
Before you authorize your AWS account with Zeeve, you'll need following permissions to deploy a network:
- Permission to create VPC, Elastic Ips, EC2 instance, Security group, Internet gateway and Route tables.
- For Fabric, you need additional permissions to read/write EKS, CloudFormation and to create and pass any Role in IAM.
To authorize your AWS account on Zeeve:-
Hover on profile
Click on Edit Profile
Click on My Cloud.
Click on AWS and then click on Add AWS Cloud.
You will need AWS Access Key and AWS Access Secret Key, to authenticate your AWS account with Zeeve.
# Digital Ocean Authorization
To authorize your Digital Ocean account on Zeeve you'll need to ensure certain things:-
- User must have an account with enough permissions to create -
- Project
- Droplets
- and Kubernetes service.
After which on Zeeve do following steps:-
Hover on profile
Click on Edit Profile
Click on your cloud authentication for Digital Ocean account, click on Authorize digital Ocean.
Click on DigitalOcean and then click on Add Digital Ocean Cloud.
Authorize DigitalOcean will redirect you to login page, you can add your DigitalOcean credentials and then click on Add Cloud.
After that click on the team which you want to give access and click on Authorize Application.
# Tencent Cloud Authorization
Before you authorize Tencent Cloud on Zeeve, you will need to add Zeeve's IDP into your Cloud account.
# Creating an OIDC IdP
On the left sidebar in the CAM console, select Identity Providers > Role-Based SSO.
On the Role-Based SSO page, click Create IdP.
On the page you enter, select OIDC as the IdP type and enter the following IdP information.
IdP Name:zeeve_oauth
IdP URL:https://login.microsoftonline.com/9188040d-6c67-4c5b-b112-36a304b66dad/v2.0
Client ID:505b1146-13fe-4df6-927a-ca57321786fd
Public Key for Signature: For this you can click on this link (https://login.microsoftonline.com/common/discovery/v2.0/keys) (opens new window) then copy all the content and paste it in the column.Click Next to enter the information review page.
Confirm the information you entered and click Complete to save it.
# Creating a role for the IdP
On the left sidebar in the CAM console, click Roles.
On the role management page, click Create Role.
Select IdPs as the role entity.
On the page you enter, select OIDC as the IdP type.
Select an IdP you created i.e zeeve_oauth.
Set conditions for the role:
oidc:aud:505b1146-13fe-4df6-927a-ca57321786fd
oidc:sub: Delete this.
Click Next.
On the page you enter, associate the QCloudResourceFullAccess and the QCloudFinanceFullAccess policy with the role and click Next.
On the review page, enter the role name and role description (optional) and click Complete to save the above configurations.
# Authorizing Cloud account
Hover on profile
Click on Edit Profile
Click on My Cloud.
Click on Tencent and then click on Add Tencent Cloud.
Add the ProviderId and RoleARN that you have created in the previous steps.
Login through any of your microsoft personal account, work account or you can add an account.
This will lead you to a consent screen where you will need to Accept the Terms & Conditions to allow Zeeve to use your credentials.
