Cloud Providers

sysopswork automates implementation of any cloud provider that supports command line or Web Service API.

To simplify authentication to some cloud providers, sysopswork offers natively the objects: AWS, Azure and GCP. However you are still able to automate other cloud providers.

Amazon Web Services

To automate AWS implementations, you require the following items:

• AWS account (can be created at https://aws.amazon.com)

• AWS CLI installed (can be downloaded from https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html)

• Key / Secret pair generated by AWS (instructions provided below)

To generate AWS programmatic credentials (Key / Secret pair), follow the steps below:

Step 1. Login to your AWS account at https://aws.amazon.com.

Step 2. From AWS Management Console home screen, click on “Services” at the top left corner of the web page.

Step 3. At the navigation menu, click on “Security, Identity, & Compliance”, then click on “IAM”.

Step 4. At the left menu, on “Access management”, click on “Users”.

Step 5. At the top right corner, click on “Add users”.

Step 6. Define a “User name”. Click on Next.

Step 7. On Set permissions, click on option “Attach policies directly”. Then check the box of policy “AdministratorAccess”. At the bottom right of the page, click on “Next”.

Step 8. Click on “Create user” at the bottom right corner of the page.

Step 9. Click on newly created User name.

Step 10. Click on tab “Security credentials”.

Step 11. Scroll down to “Access keys”, and click on “Create access key”.

Step 12. Select option “Command Line Interface (CLI)”. And at the bottom of the page, check the box “I understand the above recommendation and want to proceed to create an access key.” Then click on “Next”.

Step 13. Click on “Create access key”.

Step 14. At the “Retrieve access keys” page, copy the ID from “Access key”. At “Secret access key”, click on “Show”, then copy the secret key. You can also click on “Download .csv file” to have both Key and Secret information downloaded as a file. After you took note of both “Access key” and “Secret access key”, you can click on “Done” button at the bottom right corner to finish the process.

Once you have the 3 items listed at the top of this section, to persist credentials, open the Command Prompt (on Windows) or Terminal (on macOS or Linux), navigate to sysopswork main directory and run the following command:

From Windows Command Prompt:

sysopswork -c AWS

From macOS / Linux Terminal:

./sysopswork -c AWS

You will be requested with the following information:

• sysopswork Master Key: used to encrypt your credentials, so can only be decrypted by your Master Key.

• AWS Key: provided with the Key / Secret pair mentioned above.

• AWS Secret: provided with the Key / Secret pair mentioned above.

• AWS Region: you have to select the region where you want to implement your commands. The list of valid values can be found at https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html#Concepts.RegionsAndAvailabilityZones.Regions

• AWS Format: use “json” (without the quotes).

Then, you can start using the following line in your scripts to automate AWS:

OBJECT: AWS

You can find AWS commands at their reference page at https://awscli.amazonaws.com/v2/documentation/api/latest/index.html

Microsoft Azure

To automate Azure implementations, you require the following items:

• Azure account (can be created at https://portal.azure.com)

• Azure CLI installed (can be downloaded from https://learn.microsoft.com/en-us/cli/azure/install-azure-cli)

• Azure application User ID, Password and Tenant (instructions provided below)

After Azure CLI is installed, login to your Azure account from Windows Command Prompt (or macOS / Linux Terminal):

az login

You require to authenticate to Azure using the web browser, then once you are logged in on Azure CLI, create a service principal using the command:

az ad sp create-for-rbac --name ServicePrincipalName

You can use other name instead of ServicePrincipalName

Azure is going to generate a User ID, Password and a Tenant ID.

Once you have the 3 items listed above (Azure account, Azure CLI, programmatic credentials), to persist credentials on sysopswork, open the Command Prompt (on Windows) or Terminal (on macOS or Linux), navigate to sysopswork main directory and run the following command:

From Windows Command Prompt:

sysopswork -c Azure

From macOS / Linux Terminal:

./sysopswork -c Azure

You will be requested with the following information:

• sysopswork Master Key: used to encrypt your credentials, so can only be decrypted by your Master Key.

• Azure Cloud Name: Name of the registered cloud. If you are using regular Azure, use the value AzureCloud.

• Azure User ID: provided with instructions above.

• Azure Password: provided with instructions above.

• Azure Tentant: provided with instructions above.

Then, you can start using the following line in your scripts to automate Microsoft Azure:

OBJECT: Azure

You can find Azure commands at their reference page at https://learn.microsoft.com/en-us/cli/azure/reference-index?view=azure-cli-latest

You can also automate Azure by using REST API. More information is available at https://learn.microsoft.com/en-us/rest/api/azure/.

Google Cloud Platform

To automate GCP implementations, you require the following items:

• GCP account (can be created at https://cloud.google.com)

• GCP CLI installed (can be downloaded from https://cloud.google.com/sdk/docs/install)

• GCP Service Account key file (instructions provided below)

After you have an account created and downloaded the GCP CLI program, below are the steps to generate a Service Account key file:

Step 1. Login to your GCP account at https://cloud.google.com.

Step 2. From GCP Console home screen, click on the search bar at the top web page, and type iam. You must see the option “IAM & Admin”. Click on it.

Step 3. At the left navigation menu, click on “Service Accounts”.

Step 4. At the top of the Service accounts page, click on “+ CREATE SERVICE ACCOUNT”.

Step 5. Enter a service account name. You can also give it a description if you want. Then click on “CREATE AND CONTINUE”.

Step 6. At the box Select a role, you can quickly select “Onwer”, if you are the owner of the account, or choose another role you prefer. Then click on “CONTINUE”.

Step 7. You can grant other users access to this service account if needed, or simply click on “DONE”.

Step 8. Back at Service accounts page, click on the e-mail link of the service account just created, then click on the tab “KEYS” at the account page.

Step 9. Click on “ADD KEY”, then select “Create new key”. At the modal that opens to select the Key type, keep “JSON” option selected, then click on CREATE. The Service Account key file will be automatically downloaded. Click on “CLOSE”.

Once you have the 3 items listed above (GCP account, GCP CLI, GCP Service Account key file), to persist credentials on sysopswork, open the Command Prompt (on Windows) or Terminal (on macOS or Linux), navigate to sysopswork main directory and run the following command:

From Windows Command Prompt:

sysopswork -c GCP

From macOS / Linux Terminal:

./sysopswork -c GCP

You will be requested to provide the following information:

• sysopswork Master Key: used to encrypt your credentials, so can only be decrypted by your Master Key.

• GCP Key Filename: Absolute path of where the key file is located, including the key filename. If you just downloaded it, it is likely to be located at your user’s Downloads directory. If you move the file to sysopswork main directory, you can simply enter the name of the key file.

Then, you can start using the following line in your scripts to automate Google Cloud:

OBJECT: GCP

GCP authentication is sensitive to precise time. Ensure you are using an automatic date/time configuration on your computer.

You can find GCP commands at their reference page at https://cloud.google.com/sdk/gcloud/reference

Google Cloud also provides a REST API interface, however the documentation is per resource basis. For example, for Compute Engine, you can find the REST API reference at https://cloud.google.com/compute/docs/reference/rest/v1. If you decide to use REST API to automate Google Cloud, please refer to respective resource’s documentation.

Other Cloud Providers

Most cloud providers expose REST APIs and provide command line interface programs.

sysopswork fully supports REST API automation. ( more details @ Automation Script ). This must be the preferred method of communication for automation.

In case of command line interface programs provided by your cloud provider (similar to the ones provided by AWS, Azure and GCP), you can use OBJECT: localhost and automate the native commands of the respective cloud CLI program.

Please, refer to your cloud provider documentation for details on their APIs, CLI programs and accepted commands.