
# Cloud Integration

> Step-by-step guide for cloud integration, explaining configuration, best practices, and real-world usage on TrueFoundry.

## Add your Amazon Web Services account

It is recommended that you create a new IAM role to integrate with TrueFoundry:

1. Open your AWS IAM console and [create an IAM role with assume role access](/docs/post-cluster-configurations#create-an-iam-role-with-assume-role) that has the following permissions. You can also create a user and provide an AWS access key and secret, but this is not recommended.

<CodeGroup>
  ```json JSON lines theme={"dark"}
  {
      "Version": "2012-10-17",
      "Statement": [
          {
              "Effect": "Allow",
              "Action": [
                  "eks:ListNodegroups",
                  "eks:DescribeFargateProfile",
                  "eks:ListTagsForResource",
                  "eks:DescribeInsight",
                  "eks:ListAddons",
                  "eks:DescribeAddon",
                  "eks:DescribePodIdentityAssociation",
                  "eks:ListInsights",
                  "eks:ListPodIdentityAssociations",
                  "eks:ListFargateProfiles",
                  "eks:DescribeNodegroup",
                  "eks:ListUpdates",
                  "eks:DescribeUpdate",
                  "eks:AccessKubernetesApi",
                  "eks:DescribeCluster"
              ],
              "Resource": [
                  "arn:aws:eks:AWS_REGION:AWS_ACCOUNT_ID:fargateprofile/CLUSTER_NAME/*/*",
                  "arn:aws:eks:AWS_REGION:AWS_ACCOUNT_ID:addon/CLUSTER_NAME/*/*",
                  "arn:aws:eks:AWS_REGION:AWS_ACCOUNT_ID:nodegroup/CLUSTER_NAME/*/*",
                  "arn:aws:eks:AWS_REGION:AWS_ACCOUNT_ID:podidentityassociation/CLUSTER_NAME/*",
                  "arn:aws:eks:AWS_REGION:AWS_ACCOUNT_ID:identityproviderconfig/CLUSTER_NAME/*/*/*",
                  "arn:aws:eks:AWS_REGION:AWS_ACCOUNT_ID:cluster/CLUSTER_NAME"
              ]
          },
          {
              "Effect": "Allow",
              "Action": [
                  "eks:DescribeAddonConfiguration",
                  "eks:ListClusters",
                  "eks:DescribeAddonVersions",
                  "ec2:DescribeRegions"
              ],
              "Resource": ["*"]
          }
      ]
  }
  ```
</CodeGroup>

2. Navigate to your TrueFoundry `Integrations` page and open the `Cloud Accounts` tab.
3. Click on `New Cloud Account` and select AWS as the provider.
4. Enter the `IAM role arn` you created into the TrueFoundry cloud account form.

<Info>
  ### Note:

  You can edit the integration at any time to update the secrets if required. If the new secrets do not have permission to manage existing clusters, you will be unable to manage those clusters from TrueFoundry.
</Info>

5. Navigate to the `Clusters` tab and click on `Configure` cloud account for your cluster.
6. Select the AWS EKS cluster name along with the added cloud account and submit.
7. Sync your cluster by clicking the `Sync` button for your cloud account. This syncs the cluster details and all its node pools.
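
The policy in step 1 ships with `AWS_REGION`, `AWS_ACCOUNT_ID` and `CLUSTER_NAME` placeholders. The following Python is an added example, not TrueFoundry tooling: it fills the placeholders and then checks that no placeholder survives, that every scoped ARN stays inside the intended account, region and cluster, and that only `Describe*`/`List*` actions are granted on `"*"`. The function names and the abridged template are assumptions made for the example.

```python
import json
import re

# Abridged copy of the page's policy, keeping its placeholder tokens (constructed sample input).
TEMPLATE = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["eks:DescribeCluster", "eks:ListNodegroups", "eks:AccessKubernetesApi"],
     "Resource": ["arn:aws:eks:AWS_REGION:AWS_ACCOUNT_ID:cluster/CLUSTER_NAME",
                  "arn:aws:eks:AWS_REGION:AWS_ACCOUNT_ID:nodegroup/CLUSTER_NAME/*/*"]},
    {"Effect": "Allow",
     "Action": ["eks:ListClusters", "ec2:DescribeRegions"],
     "Resource": ["*"]}
  ]
}"""
PLACEHOLDERS = ("AWS_REGION", "AWS_ACCOUNT_ID", "CLUSTER_NAME")
READ_ONLY = re.compile(r"^[a-z0-9-]+:(Describe|List)[A-Za-z]+$")
as_list = lambda v: [v] if isinstance(v, str) else v  # IAM allows a bare string or a list


def render_policy(template, region, account_id, cluster):
    """Substitute the three placeholders after validating each value's shape."""
    if not re.fullmatch(r"[a-z]{2}(-[a-z]+)+-\d+", region):
        raise ValueError(f"unexpected region: {region!r}")
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("account ID must be 12 digits")
    if not re.fullmatch(r"[0-9A-Za-z][A-Za-z0-9_-]{0,99}", cluster):
        raise ValueError(f"unexpected cluster name: {cluster!r}")
    for token, value in zip(PLACEHOLDERS, (region, account_id, cluster)):
        template = template.replace(token, value)
    return json.loads(template)


def audit_policy(policy, region, account_id, cluster):
    """Return findings: leftover placeholders, off-scope ARNs, non-read actions on '*'."""
    findings = []
    prefix = f"arn:aws:eks:{region}:{account_id}:"
    for i, stmt in enumerate(policy["Statement"]):
        for res in as_list(stmt["Resource"]):
            if any(tok in res for tok in PLACEHOLDERS):
                findings.append(f"statement {i}: unresolved placeholder in {res}")
            elif res == "*":
                bad = [a for a in as_list(stmt["Action"]) if not READ_ONLY.match(a)]
                findings += [f"statement {i}: {a} allowed on all resources" for a in bad]
            elif not (res.startswith(prefix) and res.split("/")[1:2] == [cluster]):
                findings.append(f"statement {i}: {res} is outside {cluster}")
    return findings
```

Run `audit_policy` on the rendered document before attaching it to the role; an empty list means every scoped ARN names the intended cluster and the `"*"` statement carries only read actions.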

## Add your Google Cloud Platform account

We recommend you create a new service account to integrate with TrueFoundry:

1. Open your GCP console, navigate to `IAM and admin` in your project, and open the service accounts page.

2. Create a new service account:

   1. Add a name and description, click Create, and continue.
   2. Add roles with the required permissions: the standard Google roles Service Account User and Kubernetes Engine Admin contain all the required permissions.
   3. Select the new service account and go to the keys page. Create a new key and download the `keyfile.json`.

3. Navigate to your TrueFoundry `Integrations` page and open the `Cloud Accounts` tab.

4. Click on `New Cloud Account` and select Google Cloud Platform (GCP) as the provider.

5. Paste the contents of your `keyfile.json` and enter your `Google project ID`. Submit to add the Cloud Account.

<Info>
  ### Note:

  You can edit the integration at any time to update the `keyfile.json` and Google project ID, if required. If you change the Google project while there are still TrueFoundry clusters on it, you will be unable to manage those clusters from TrueFoundry.
</Info>

6. Navigate to the `Clusters` tab and click on `Configure` cloud account for your cluster.
7. Select the GKE cluster name along with the added cloud account and submit.
8. Sync your cluster by clicking the `Sync` button for your cloud account. This syncs the cluster details and all its node pools.

## Add your Microsoft Azure account

It is recommended that you create a new Azure Active Directory application to integrate with TrueFoundry:

1. Open the Azure Portal and navigate to Azure Active Directory.
2. Register a new application with Azure AD from the `add` menu, or from the `app registrations` page. Copy the directory (tenant) ID and the application (client) ID to the TrueFoundry form.
3. Go back to your application overview and open the `certificates and secrets` page. Create a new client secret, and copy the secret value (not the secret ID) to TrueFoundry.
4. Navigate to the Kubernetes service and select your AKS cluster.
5. Open `access control (IAM)` and add a new role assignment to the subscription. Select the `Reader` role from `Job function roles`, and then add your Active Directory application as a member.
6. Navigate to your TrueFoundry `Integrations` page and open the `Cloud Accounts` tab.
7. Click on `New Cloud Account` and select Azure as the provider.
8. Enter the `Tenant ID`, `Client ID`, `Client secret` and `Subscription ID` into the TrueFoundry cloud account form.

<Info>
  ### Note:

  You can edit the integration at any time to update the secrets if required. If the new secrets do not have permission to manage existing clusters, you will be unable to manage those clusters from TrueFoundry.
</Info>

9. Navigate to the `Clusters` tab and click on `Configure` cloud account for your cluster.
10. Select the Azure AKS cluster name along with the added cloud account and submit.
11. Sync your cluster by clicking the `Sync` button for your cloud account. This syncs the cluster details and all its node pools.
