Cloud Accounts

The resource “cloudaccounts” represents a cloud provider account. CloudCasa supports AWS and Azure cloud providers at the moment.

Note

Please note that you need to have an existing account with AWS or other cloud providers before creating “cloudaccounts” resource in CloudCasa.

Creating a Cloud Account resource

Send a POST request with “name” and “provider_type” in the body. These fields are required to create the “cloudaccounts” resource.

Possible values for “provider_type” field are “aws” and “azure”.

POST /api/v1/cloudaccounts

{
    "name": "testawsaccount",
    "description": "Created for testing purposes",
    "tags": {
        "testkey": "testval"
    },
    "provider_type": "aws"
}

HTTP/1.1 201 CREATED
Location: https://api.cloudcasa.io/api/v1/cloudaccounts/5fe91b64570ccd792017ed1e

{
     "_created": "Sun, 27 Dec 2020 23:40:20 GMT",
     "_etag": "f64bac5067e8a894b6ca288b9a58ca19a1968b60",
     "_id": "5fe91b64570ccd792017ed1e",
     "_links": {
         "self": {
             "href": "/v1/cloudaccounts/5fe91b64570ccd792017ed1e",
             "title": "Cloudaccount"
         }
     },
     "_status": "OK",
     "_updated": "Sun, 27 Dec 2020 23:40:20 GMT",
     "name": "testawsaccount",
     "description": "Created for testing purposes",
     "tags": {
         "testkey": "testval"
     },
     "provider_type": "aws"
}

Once “cloudaccounts” resource is created, the client needs to perform few steps in order to bring the resource to ACTIVE state. These steps vary depending on the cloud provider type.

Post-registration steps for AWS Accounts

  • After “cloudaccounts” resource is created, poll the resource by doing a GET request until “status” appears, as can be seen here:

    GET /api/v1/cloudaccounts/5fe91b64570ccd792017ed1e?embedded={"aws.awsaccount":1}
    
     HTTP/1.1 200 OK
     ETag: "bf795b564df30a64fcda5c9ecf19d85379f26e5d"
     Last-Modified: Mon, 08 Feb 2021 14:39:32 GMT
    
     {
         "_id": "60214c31bb86d8108fcff9e8",
         "name": "testawsaccount",
         "status": {
             ...,
             "state": "PENDING"
         },
         "aws": {
             "awsaccount": {
                 "_id": "62f67f1f24d2d5a8329121e6",
                 "name": "cloudaccount-1660321567",
                 "opt_out": [],
                 "_updated": "Mon, 08 Feb 2021 14:35:29 GMT",
                 "_created": "Mon, 08 Feb 2021 14:35:29 GMT",
                 "_deleted": false,
                 "org_id": "62f3c999c579f63a692e7d9e",
                 "_etag": "be44c43d7c2e35e1a30a25c1613330c2994e7b7f",
                 "status": {
                     "cfLaunchURL": "https://console.aws.amazon.com/cloudformation/home#/stacks/create/review?templateURL=https://s3.amazonaws.com/cloudcasa-cf/cloudcasa_014.yml&stackName=cloudcasa-v015&param_CCAccountId=60214c31bb86d8108fcff9e8"
                 }
             }
         },
         ...
     }
    

    Note the “embedded” query parameter. It is required so that the response contains full “awsaccounts” resource.

    Once the “status.state” field of the cloudaccount resource is in “PENDING” state, proceed to the next step.

  • At this point, CloudCasa provides a launch URL for CloudFormation stack, in the field aws.awsaccount.cfLaunchURL. Following the link in a Browser will allow the user to complete the cloud account registration process. Alternatively, the same process can be done programmatically as well by using any of the official AWS SDKs.

    The following example uses the Python Boto3 SDK.

    # cloudaccount refers to a dict containing the entire cloudaccounts resource
    # template_url is the URL in the query parameter "templateURL",
    #   within the "cfLaunchURL" field.
    #   E.g. "https://s3.amazonaws.com/cloudcasa-cf/cloudcasa_015.yml"
    
    import boto3
    import urllib
    
    client = boto3.client('cloudformation')
    
    cf_launch_url = cloudaccount["aws"]["awsaccount"]['status']['cfLaunchURL'].replace("#", "")
    url_params = urllib.parse.parse_qs(urllib.parse.urlparse(cf_launch_url).query)
    template_url = url_params['templateURL'][0]
    
    response = client.create_stack(StackName="some_name_for_the_stack", TemplateURL=template_url,
         Parameters=[
             {
                 'ParameterKey': 'CCAccountId',
                 'ParameterValue': cloudaccount["_id"]
             },
             {
                 'ParameterKey': 'EKS',
                 'ParameterValue': "true"
             },
             {
                 'ParameterKey': 'EBSVolumeSnapshot',
                 'ParameterValue': "true"
             },
             {
                 'ParameterKey': 'RDS',
                 'ParameterValue': "false"
             },
             {
                 'ParameterKey': 'SecurityScan',
                 'ParameterValue': "false"
             }
           ],
         Capabilities=['CAPABILITY_IAM']
    )
    
  • “CCAccountId” parameter is required while all the other parameters that are used to select features (such as “EKS”, “EBSVolumeSnapshot”, “RDS”, and “SecurityScan”) are optional. By default, all these parameters that select features are set to “true”.

  • After creating the CloudFormation stack, poll cloudaccounts resource by doing a GET until “status.state” field is set to “ACTIVE”. This indicates that the AWS account is successfully registered with CloudCasa.

  • At this point, an inventory job would be automatically run to gather information about EKS clusters and other AWS resources such as EBS volumes.

Listing Discovered Clusters

After the cloud inventory job is complete, do a GET request to the “kubeclusters” API to see all the discovered clusters:

GET /api/v1/kubeclusters?where={"status.cloudaccount":"60214c31bb86d8108fcff9e8"}

{
   "_items": [
      {
         "_id": "62f3ca32c579f63a692e7e8d",
         "name": "test-cluster",
         "status": {
               "state": "DISCOVERED",
               "deployment_platform": "awseks",
               "awsekscluster_arn": "arn:aws:eks:us-east-1:727923484692:cluster/test-cluster",
               "cloudaccount": "60214c31bb86d8108fcff9e8",
               "version": "1.21",
               "agentURL": "https://api.cloudcasa.io/kubeclusteragents/O9AuTyPsKsFXURaK_Nw_sUR6WqMDmm7pck-ndh5X_rg=.yaml",
               ...
         },
         ...
   ],
   "_links": {
      "parent": {
            "href": "/",
            "title": "home"
      },
      "self": {
            "href": "v1/kubeclusters?max_results=15&where={\"status.cloudaccount\": \"60214c31bb86d8108fcff9e8\"}",
            "title": "/v1/kubeclusters"
      }
   },
   "_meta": {
      "max_results": 1,
      "page": 1,
      "total": 1
   }
}

Installing agent on a discovered Cluster

Obtain the agent URL from the “status.agentURL” field in the kubeclusters resource.

Apply the agent YAML, like so:

$ kubectl apply -f https://api.cloudcasa.io/kubeclusteragents/O9AuTyPsKsFXURaK_Nw_sUR6WqMDmm7pck-ndh5X_rg=.yaml

Afterwards, poll the kubeclusters resource by doing GET until “status.state” field is set to “ACTIVE”. This indicates that the cluster is successfully registered with CloudCasa and that backups can be defined for it.

Running Cloud Account Inventory

Inventory will run automatically once an account has been registered and every 12 hours since then. To trigger the inventory job manually, send a POST request, like so:

POST /api/v1/cloudaccounts/60214c31bb86d8108fcff9e8/action/inventory

{}

HTTP/1.1 200 OK

This will create a cloud inventory job if it is not already running.

Deleting a Cloud Account

DELETE /api/v1/cloudaccounts/60214c31bb86d8108fcff9e8

HTTP/1.1 204 NO CONTENT

The deletion of a cloud account would fail if it is in use.