Cloud Profile Setup Guide

Complete step-by-step guide to create and configure cloud profiles for automated infrastructure deployment

📅 Last updated: December 8, 2025 | ⏱️ 20 min read

What is a Cloud Profile?

A Cloud Profile is a configuration that stores your cloud provider credentials, pre-created storage resources, and repository integration settings. It enables CloudCanvas to:

  • Automatically create repositories for your architectures
  • Configure CI/CD pipelines and workflows
  • Manage Terraform state storage
  • Auto-configure repository secrets from cloud credentials

Prerequisites

  • Admin Access: You must have ADMIN role in CloudCanvas
  • Cloud Provider Account: Active account with Azure, AWS, or GCP
  • Pre-created Storage Resources: Resource group, storage account, S3 bucket, or GCS bucket for Terraform state
  • Personal Access Token: PAT token for your repository provider (see PAT Token Setup Guide)

Tab 1: Basic Information

Profile Name

Enter a descriptive name for your cloud profile. This name will be displayed when selecting profiles for architecture deployment.

Examples:

  • Production Azure
  • Development AWS
  • Staging GCP

Cloud Provider

Select your cloud provider. This determines which authentication and resource fields will be displayed.

Azure

Microsoft Azure cloud services

AWS

Amazon Web Services

GCP

Google Cloud Platform

Environment

Select the deployment environment. This helps organize profiles and ensures architectures use the correct environment-specific configuration.

Available Environments:

  • Development (dev): For development and testing
  • Test: For quality assurance and testing
  • Staging: For pre-production validation
  • Production (prod): For live production workloads

Description (Optional)

Add an optional description to provide additional context about this cloud profile.

Example: "Production Azure subscription for enterprise workloads in East US region"

💡 Tip: Use descriptive names and descriptions to help team members identify the correct profile for their deployments.

Tab 2: Authentication

Configure cloud provider authentication credentials. The fields displayed depend on your selected cloud provider.

Azure Authentication

Tenant ID *

Your Azure Active Directory (Azure AD) tenant ID. This identifies your organization in Azure.

How to find: Azure Portal → Azure Active Directory → Properties → Tenant ID

Format: GUID (e.g., 12345678-1234-1234-1234-123456789012)

Client ID *

The Application (client) ID of your Azure service principal or app registration.

How to find: Azure Portal → App registrations → Your app → Overview → Application (client) ID

Client Secret (Optional)

The client secret for your service principal. Leave empty if using Managed Identity authentication.

Note: If using Managed Identity (recommended for Azure VMs), leave this field empty. The system will use the VM's managed identity.

Subscription ID *

Your Azure subscription ID where resources will be deployed.

How to find: Azure Portal → Subscriptions → Your subscription → Overview → Subscription ID

AWS Authentication

Access Key ID *

Your AWS access key ID for programmatic access.

How to create: AWS Console → IAM → Users → Your user → Security credentials → Create access key

⚠️ Security: Ensure the IAM user has minimum required permissions (see IAM policy recommendations below).

Secret Access Key *

The secret access key associated with your access key ID.

⚠️ Important: Store this securely. It cannot be retrieved after creation. If lost, create a new access key.

Google Cloud Platform Authentication

Project ID *

Your GCP project ID where resources will be deployed.

How to find: GCP Console → Project selector → Your project → Project ID

Service Account Key (JSON) *

Paste the complete JSON key for your GCP service account.

How to create:

  1. GCP Console → IAM & Admin → Service Accounts
  2. Create or select a service account
  3. Keys → Add Key → Create new key → JSON
  4. Download and paste the entire JSON content

⚠️ Security: Ensure the service account has appropriate roles (Storage Admin, Service Account User, etc.)

Validate & Generate Login Script

After entering your credentials, click "Validate & Generate Login Script" to:

  • Verify your credentials are correct
  • Generate a login script for local Terraform operations
  • Test connectivity to your cloud provider

Tab 3: Pre-created Resources

Configure your pre-created storage resources for Terraform state management. These resources must exist before creating the cloud profile.

Azure Resources

Resource Group Name *

The name of the Azure resource group containing your storage account.

Example: terraform-state-rg

Storage Account Name *

The name of your Azure Storage Account for Terraform state files.

Requirements:

  • Must be globally unique (3-24 characters, lowercase alphanumeric)
  • Storage account must exist before creating profile
  • Example: terraformstate123

Container Name *

The blob container name within your storage account for storing Terraform state.

Example: terraform-state

AWS Resources

S3 Bucket Name *

The name of your S3 bucket for storing Terraform state files.

Requirements:

  • Must be globally unique (3-63 characters)
  • Must exist before creating profile
  • Versioning should be enabled for state file safety
  • Example: terraform-state-bucket

DynamoDB Table Name *

The DynamoDB table name for Terraform state locking (prevents concurrent modifications).

Requirements:

  • Table must exist before creating profile
  • Primary key: LockID (String)
  • Example: terraform-locks
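
The Authentication tab asks for an IAM user with minimum required permissions. As an added example (not CloudCanvas code or its own policy recommendation), this sketch builds a policy scoped to one state bucket and one lock table, using the actions Terraform's S3 backend needs with DynamoDB locking, and flags wildcard statements in an existing policy. It covers state access only; the account ID, region and function names are assumptions.

```python
import json

def state_backend_policy(bucket, lock_table, region, account_id, key_prefix=""):
    """IAM policy scoped to one state bucket and one lock table (state access only)."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ListStateBucket", "Effect": "Allow",
             "Action": ["s3:ListBucket"],
             "Resource": [f"arn:aws:s3:::{bucket}"]},
            {"Sid": "ReadWriteState", "Effect": "Allow",
             "Action": ["s3:GetObject", "s3:PutObject"],
             "Resource": [f"arn:aws:s3:::{bucket}/{key_prefix}*"]},
            {"Sid": "StateLock", "Effect": "Allow",
             "Action": ["dynamodb:DescribeTable", "dynamodb:GetItem",
                        "dynamodb:PutItem", "dynamodb:DeleteItem"],
             "Resource": [f"arn:aws:dynamodb:{region}:{account_id}:table/{lock_table}"]},
        ],
    }

def _as_list(value):
    return value if isinstance(value, list) else [value]

def broad_statements(policy):
    """Sids of Allow statements with a wildcard action or a bare '*' resource."""
    flagged = []
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        wide_action = any(a == "*" or a.endswith(":*") for a in _as_list(st["Action"]))
        wide_resource = "*" in _as_list(st["Resource"])
        if wide_action or wide_resource:
            flagged.append(st.get("Sid", "<no Sid>"))
    return flagged

# Constructed values: the account ID and region are placeholders; the bucket and
# table names are the examples used on this page.
SCOPED = state_backend_policy("terraform-state-bucket", "terraform-locks",
                              "us-east-1", "123456789012")
# Constructed "before" policy of the kind the scoped one replaces.
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Sid": "EverythingOnS3", "Effect": "Allow", "Action": "s3:*", "Resource": "*"}]}

if __name__ == "__main__":
    print(json.dumps(SCOPED, indent=2))
    print("broad statements:", broad_statements(BROAD))
```

Permissions for the resources Terraform deploys are separate and depend on the architecture; attach them as their own scoped statements.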

GCP Resources

GCS Bucket Name *

The name of your Google Cloud Storage bucket for Terraform state files.

Requirements:

  • Must be globally unique (3-63 characters, lowercase)
  • Must exist before creating profile
  • Example: terraform-state-bucket

GCP Project ID *

Your GCP project ID (same as in Authentication tab if using the same project).

Note: This should match the project ID used in authentication.

⚠️ Important: All storage resources must be created in your cloud provider before configuring this profile. CloudCanvas does not create these resources automatically.

Tab 4: Repository Profile

Configure repository integration settings for automated code deployment and CI/CD pipeline creation.

Repository Type

Select your repository provider. This determines which fields and options are available.

GitHub

GitHub.com or GitHub Enterprise

GitLab

GitLab.com or self-hosted GitLab

Azure DevOps

Azure DevOps Services

Organization

Enter your repository organization or namespace. The format depends on your repository type:

GitHub

Enter your GitHub organization or username:

mycompany

GitLab

Enter your GitLab group or namespace:

mycompany

Azure DevOps

Enter only the organization name (not the full URL):

cloudslize

❌ Do NOT use: https://dev.azure.com/cloudslize

❌ Do NOT use: https://dev.azure.com/cloudslize/Cloud%20Canvas

Personal Access Token

Enter your Personal Access Token (PAT) for repository access. See the PAT Token Setup Guide for detailed instructions.

⚠️ Security: The token is stored encrypted. Ensure it has the minimum required permissions (see PAT Token Setup Guide).

Repository Integration Settings

Auto-create repositories for new architectures

When enabled, CloudCanvas will automatically create a new repository in your organization when you set up repository integration for an architecture.

  • Repository name format: {architecture-name}-{environment}-{timestamp}
  • Repository is created as private by default
  • Initialized with Terraform .gitignore

Auto-configure repository secrets from cloud profile

When enabled, CloudCanvas will automatically configure repository secrets/variables with your cloud provider credentials.

Secrets configured:

  • GitHub: Repository secrets (AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, etc.)
  • Azure DevOps: Variable groups with cloud credentials
  • GitLab: CI/CD variables with cloud credentials

Enable workflows/pipelines for Terraform

When enabled, CloudCanvas will create and configure CI/CD workflows for automated Terraform deployment:

  • GitHub: GitHub Actions workflows (.github/workflows/terraform.yml)
  • Azure DevOps: Azure Pipelines YAML (azure-pipelines.yml)
  • GitLab: GitLab CI/CD pipelines (.gitlab-ci.yml)

Completing the Setup

Validation

All tabs must show a green checkmark (✓) before you can create the profile. The system validates:

  • Basic Info: Profile name, provider, and environment are filled
  • Authentication: Required credentials for selected provider are provided
  • Resources: Storage resource names are specified
  • Repository: Repository type, organization, and PAT token are configured
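
The checks listed above are about fields being filled in. As an added example (not part of CloudCanvas), a local pre-flight script can also catch malformed values before they are pasted into the form, using the formats this guide states: GUID-shaped Azure IDs, storage and bucket naming rules, a GCP key whose project matches the profile, and an organization name rather than a URL. The dictionary field names are hypothetical, and the sketch covers Azure and GCP profiles only.

```python
import json
import re

GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

def check_azure(p):
    errs = [f"{f}: not a GUID" for f in ("tenant_id", "client_id", "subscription_id")
            if not GUID.fullmatch(p.get(f, ""))]  # all three Azure IDs are GUIDs
    if not re.fullmatch(r"[a-z0-9]{3,24}", p.get("storage_account", "")):
        errs.append("storage_account: need 3-24 lowercase alphanumeric characters")
    return errs

def check_gcp(p):
    errs = []
    bucket = p.get("gcs_bucket", "")
    if not 3 <= len(bucket) <= 63 or bucket != bucket.lower():
        errs.append("gcs_bucket: need 3-63 lowercase characters")
    try:
        key = json.loads(p.get("service_account_key", ""))
    except json.JSONDecodeError:
        return errs + ["service_account_key: not valid JSON"]
    if not isinstance(key, dict) or key.get("type") != "service_account":
        return errs + ["service_account_key: not a service account key"]
    errs += [f"service_account_key: missing {f}"
             for f in ("client_email", "private_key") if not key.get(f)]
    if key.get("project_id") != p.get("project_id"):  # key issued for another project
        errs.append("project_id: does not match the project in the key")
    return errs

def check_repo(p):
    org = p.get("organization", "")
    if not org or "/" in org or ":" in org:  # e.g. a pasted https://dev.azure.com/... URL
        return ["organization: enter the name only, not a URL"]
    return []

def preflight(p):
    """Return a list of problems; an empty list means the fields look well-formed."""
    provider = {"azure": check_azure, "gcp": check_gcp}.get(p.get("provider"))
    if provider is None:
        return ["provider: this sketch covers azure and gcp only"]
    return provider(p) + check_repo(p)

SAMPLE = {  # constructed input; field names are hypothetical
    "provider": "gcp", "project_id": "prod-project", "gcs_bucket": "terraform-state-bucket",
    "organization": "https://dev.azure.com/cloudslize",
    "service_account_key": json.dumps({"type": "service_account", "project_id": "dev-project",
        "client_email": "tf@dev-project.iam.gserviceaccount.com", "private_key": "<redacted>"})}

if __name__ == "__main__":
    print("\n".join(preflight(SAMPLE)) or "ok")
```

Run it on a workstation that already holds the credentials, so the key material never leaves the machine just to be format-checked.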

Create Profile

Once all sections are complete, click "Create Profile". The profile will be saved and available for use in architecture deployments.

Best Practices

  • Use separate profiles per environment: Create distinct profiles for dev, staging, and production to ensure proper isolation
  • Follow naming conventions: Use consistent naming (e.g., "Production Azure", "Development AWS") for easy identification
  • Validate credentials: Always use the "Validate & Generate Login Script" button to test authentication before saving
  • Secure storage: Ensure storage accounts/buckets have proper access controls and encryption enabled
  • Rotate credentials: Regularly rotate PAT tokens and cloud credentials for security
  • Test integration: After creating a profile, test repository creation and workflow generation with a test architecture

Troubleshooting

Authentication validation fails?

  • Verify all credentials are correct and not expired
  • Check that service principal/IAM user has necessary permissions
  • For Azure, ensure the subscription is active and accessible
  • For AWS, verify IAM user has appropriate policies attached
  • For GCP, ensure service account has required roles

Storage resources not found?

  • Verify resource names match exactly (case-sensitive)
  • Ensure resources exist in the specified subscription/project
  • Check that your credentials have read access to the storage resources
  • For Azure, verify resource group and storage account exist
  • For AWS, verify S3 bucket and DynamoDB table exist

Repository creation fails?

  • Verify PAT token has repository creation permissions
  • Check organization/group settings allow repository creation
  • Ensure PAT token hasn't expired
  • For Azure DevOps, verify organization name format (name only, not URL)

🚀 What's Next?

Your cloud profile is now configured! You can use it to: