Version: 0.7

Cloud Accounts

In order to use Kore, you need to provide it with access to one or more cloud providers that you wish it to use. For each provider, Kore supports two methods of integration:

  • Organization account automation provides new isolated AWS accounts, GCP projects and Azure subscriptions on demand for your teams, ensuring best practice separation between each team and environment, and allowing Kore to manage least-privilege access into those accounts.

  • Shared accounts allow you to add existing AWS accounts, GCP projects and Azure subscriptions to Kore and allocate them to your teams as you see fit. Team infrastructure will be provisioned directly into these when requested by teams. You take responsibility for providing access for Kore into the accounts and for ensuring teams have accounts allocated to them.

We recommend using organization account automation where possible; however, you can mix and match these approaches as needed.

See also Supported public clouds.

Organization account automation (recommended)

Adding an organization cloud account to Kore gives it the ability to create and manage cloud accounts on demand for your teams, subject to the rules and conventions you configure. You will typically add a single Organization type account to Kore for each provider you wish to use.

Naming rules

For an organization, you must specify naming rules to manage the accounts created for teams based on the cluster plans they select. This allows you to customise prefixes and suffixes around the team name, and map cluster plans to naming rules to control the naming convention.

Kore Operate account naming rules

Example

Suppose you specify that when a team selects the EKS Development plan it should be placed in an account named myorg-{teamname}-notprod, and that EKS Production should be placed in myorg-{teamname}-prod. When team productdev requests an EKS Development cluster, the resulting account will be myorg-productdev-notprod.

Should that team request a second EKS Development cluster, it will share myorg-productdev-notprod. If the team requests an EKS Production cluster, it would be placed in a new myorg-productdev-prod account.
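The following sketch models the naming behaviour described above so you can review a rule set before applying it. It is an added example, not Kore's own code: the function names and the second team, payments, are constructed for illustration. It resolves each request to an account name and lists any account that would end up holding clusters from more than one team, which is what happens when a template omits {teamname}.

```python
from collections import defaultdict

PLACEHOLDER = "{teamname}"

# Constructed rules mirroring the example above: cluster plan -> account name template.
RULES = {
    "EKS Development": "myorg-{teamname}-notprod",
    "EKS Production": "myorg-{teamname}-prod",
}

# Constructed requests: (team, cluster plan). "payments" is a made-up second team.
REQUESTS = [
    ("productdev", "EKS Development"),
    ("productdev", "EKS Development"),  # second cluster, same plan
    ("productdev", "EKS Production"),
    ("payments", "EKS Development"),
]


def account_name(rules, plan, team):
    """Resolve the account a team's cluster lands in for the selected plan."""
    if plan not in rules:
        raise KeyError(f"no naming rule maps plan {plan!r} to an account")
    return rules[plan].replace(PLACEHOLDER, team)


def allocate(rules, requests):
    """Group cluster requests by the account name they resolve to."""
    accounts = defaultdict(list)
    for team, plan in requests:
        accounts[account_name(rules, plan, team)].append((team, plan))
    return dict(accounts)


def shared_across_teams(rules, requests):
    """Account names that would hold clusters from more than one team."""
    return sorted(
        name
        for name, members in allocate(rules, requests).items()
        if len({team for team, _ in members}) > 1
    )


if __name__ == "__main__":
    for name, members in allocate(RULES, REQUESTS).items():
        print(name, "<-", members)
    print("shared across teams:", shared_across_teams(RULES, REQUESTS))
```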

Set up

Kore needs specific information and setup for each cloud provider to support account automation. The following pages will take you through the required steps:

Visibility

As an administrator, you can see the managed cloud accounts that have been created for teams using the Kore UI (Admin > Configure > Cloud > Provider > Managed Accounts/Projects/Subscriptions) or using kore get cloudaccounts --all-managed on the CLI.

Kore Operate managed account list

Closing cloud accounts provisioned by Kore

Closing accounts provisioned by Kore requires a particular set of steps for each cloud provider, after removing (or 'un-managing') the unused account from Kore:

Shared cloud accounts

Adding a shared cloud account to Kore gives it the ability to use an existing cloud account directly to build team infrastructure. You can control which teams have access to request infrastructure in each account.

You can find out the prerequisites for adding shared cloud accounts to Kore for each of the providers:

Last updated on Aug 5, 2021