API Key
Every cloud asset imported through a public cloud account is automatically bound to that cloud account, and all operations corresponding to the cloud service will be accessed through the API Key recorded by that cloud account.
1. AWS
Step A: Log in to the AWS IAM service.
Step B: Create a policy (Mavis using EC2 minimal permissions)
EC2 policy(Mavis using EC2 minimal permissions)
"ec2:Describe*",
"ec2:StartInstances",
"ec2:StopInstances"
Step C: Add a user
Step D: grant corresponding resource permissions based on requirements (this example grants EC2 custom minimal permissions.
Step E: Create access key for user account.
2. GCP
2-1. Create a service account
Step A: In the Google Cloud console, go to Menu menu > IAM & Admin > Service Accounts
Log in to the GCP service accounts.
Step B: Click Create service account.
Step C: Fill in the service account details, then click Create and continue.
Step D: Optional: Assign roles to your service account to grant access to your Google Cloud project's resources. This example grants Compute Admin privileges.
Step E: Click Continue.
Step F: Optional: Enter users or groups that can manage and perform actions with this service account. The example Skip this step.
Step G: Click Done.
2-2. Create credentials for a service account
Step A: In the Google Cloud console, go to Menu menu > IAM & Admin > Service Accounts
Log in to the GCP service accounts.
Step B: Select your service account.
Step C: Click Keys > Add key > Create new key.
Step D: Select JSON, then click Create.
Your new public/private key pair is generated and downloaded to your machine as a new file. This file is the only copy of this key. Please save carefully.