Skip to main content
Astra Control Service
All cloud providers
  • Amazon Web Services
  • Google Cloud
  • Microsoft Azure
  • All cloud providers

Add and remove credentials

Contributors netapp-bcammett netapp-mwallis

Add and remove cloud provider credentials from your account at any time. Astra Control uses these credentials to discover a Kubernetes cluster, the apps on the cluster, and to provision resources on your behalf.

Note that all users in Astra Control share the same sets of credentials.

Add credentials

The most common way to add credentials to Astra Control is when you manage clusters, but you can also add credentials from the Account page. The credentials will then be available to choose when you manage additional Kubernetes clusters.

Before you begin
  • For Amazon Web Services, you should have the JSON output of the credentials for the IAM account used to create the cluster. Learn how to set up an IAM user.

  • For GKE, you should have the service account key file for a service account that has the required permissions. Learn how to set up a service account.

  • For AKS, you should have the JSON file that contains the output from the Azure CLI when you created the service principal. Learn how to set up a service principal.

    You'll also need your Azure subscription ID, if you didn't add it to the JSON file.

Steps
  1. Select Account > Credentials.

  2. Select Add Credentials.

  3. Select Microsoft Azure.

  4. Select Google Cloud Platform.

  5. Select Amazon Web Services.

  6. Enter a name for the credentials that distinguishes them from other credentials in Astra Control.

  7. Provide the required credentials.

    1. Microsoft Azure: Provide Astra Control with details about your Azure service principal by uploading a JSON file or by pasting the contents of that JSON file from your clipboard.

      The JSON file should contain the output from the Azure CLI when you created the service principal. It can also include your subscription ID so it's automatically added to Astra Control. Otherwise, you need to manually enter the ID after providing the JSON.

    2. Google Cloud Platform: Provide the Google Cloud service account key file either by uploading the file or by pasting the contents from your clipboard.

    3. Amazon Web Services: Provide the Amazon Web Services IAM user credentials either by uploading the file or by pasting the contents from your clipboard.

  8. Select Add Credentials.

Result

The credentials are now available to select when you add a cluster to Astra Control.

Remove credentials

Remove credentials from an account at any time. You should only remove credentials after unmanaging all clusters, unless you are rotating credentials (refer to Rotate credentials).

Note The first set of credentials that you add to Astra Control is always in use because Astra Control uses the credentials to authenticate to the backup bucket. It's best not to remove these credentials.
Steps
  1. Select Account > Credentials.

  2. Select the drop-down list in the State column for the credentials that you want to remove.

  3. Select Remove.

  4. Type the name of the credentials to confirm deletion and then select Yes, Remove Credentials.

Result

Astra Control removes the credentials from the account.

Rotate credentials

You can rotate credentials in your account. If you rotate credentials, rotate them during a maintenance window when no backups are in progress (scheduled or on-demand).

Steps
  1. Remove the existing credentials by following the steps in Remove credentials.

  2. Add the new credentials by following the steps in Add credentials.

  3. Update all buckets to use the new credentials:

    1. From the left navigation, select Buckets.

    2. Select the drop-down list in the Actions column for the bucket that you want to edit.

    3. Select Edit.

    4. In the Select credentials section, choose the new credentials that you added to Astra Control.

    5. Select Update.

    6. Repeat steps b through e for any remaining buckets on your system.

Result

Astra Control begins using the new cloud provider credentials.