Cloud accounts
What is a cloud account?
Besides Sandbox hosts it is also possible to add a cloud account to a sandbox environment. Cloud accounts are dedicated accounts on the major hyper scalers (AWS, Azure and GCP).
When adding such an account to a sandbox enviroment, Instruqt will provision a temporary account on the configured provider with matching credentials, for every sandbox instance that gets started. This means every learner will be able to get access to a dedicated, private account for the duration of the sandbox.
Once the learner is done with the sandbox, the Instruqt platform will automatically revoke all credentials and will cleanup up any resources that were provisioned in the cloud account.
When to use a cloud account?
For most intents and purposes, regular sandbox hosts are enough to enable learners about your product. However, in certain cases, you might need more resources or infrastructure to show what your product can do. Examples are:
Your product builds on top of Hyper Scaler services
Your product integrates with or orchestrates workflows on Hyper Scaler APIs
Your have complex infrastructure needs, like extensive network setups, or multi-cloud scenarios
Considerations for adding cloud accounts
Services and Regions
Cloud providers offer hundreds of services across dozens of regions. Most of these services and regions are usable from with an Instruqt cloud account. However, most likely your sandbox only requires a small subset of those services and regions.
Instruqt allows you to specify which services and regions are allowed to be used within a sandbox. We strongly recommend to only enable the ones that you really need. Allowing too many services and regions opens up the possibility of (accidentally) generating high costs.
Roles and permissions
When adding a cloud account to a sandbox, that account is initially empty. Using our Lifecycle scripts you can preprovision resources in those accounts, to prepare the account for usage by a learner. Typically the permissions you need to preprovision these resources, are more than the permissions a learner needs to consume the cloud account.
For this purpose, you can specify two sets of credentials:
Admin credentials These are only injected into lifecycle scripts, used for preprovisioning resources
User credentials These are exposed to learners, used to give users access to cloud accounts
For both types of credentials, we strongly recommend to configure the minimum required permissions. So instead of giving Full Admin permissions, consider using service specific permissions, or even Read Only access where possible.
Available Cloud Providers
AWS accountsAzure subscriptionsGCP projectsLast updated