Connecting your cloud infrastructure is the first step to building automations in XOAP. This guide covers how to add a new connection to AWS, Azure or Google Cloud.
If you want to use XOAP only to deliver configurations or install applications on your systems, this step is not mandatory. You can manage your on-prem or cloud systems even without connecting XOAP to your cloud infrastructure.
How to add a Connection
- Go to Connections.
- Click the + New Connection button in the top-right corner.
- You can select from the following available connection types: AWS, Azure, Google Cloud (more details below).
- Select your chosen provider and configure other necessary settings accordingly.
- When you’re done, click Confirm.
Supported cloud providers
AWS
You can choose from three connection types:
- AWS – Access Key
- AWS – Assume Role
- AWS – Assume Role (Cross-Account)
All AWS connection details are securely stored in a vault tied to your Workspace.
Learn more about setting up AWS – Access Key permissions:
- Managing access keys for IAM users
- Introduction to AWS IAM
- IAM tutorial: Delegate access across AWS accounts using IAM roles
- IAM identifiers and ARN format
Learn more about AWS – Assume Role permissions:
Learn more about AWS – Assume Role (Cross-Account) with External ID:
- How to use External ID when granting access to your AWS resources (AWS Security Blog)
- IAM Trust Policies: Using conditions with sts:ExternalId
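For the cross-account Assume Role connection type, the role's trust policy should require the External ID. The following check is an added example, not XOAP or AWS code; the account IDs, the external ID value and the function names are constructed placeholders. It flags trust-policy statements that let another account assume the role without a `StringEquals` condition on `sts:ExternalId`.

```python
def trust_policy(condition=None):
    # Constructed sample: 111122223333 is a placeholder for the trusted external account.
    stmt = {"Effect": "Allow", "Action": "sts:AssumeRole",
            "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}
    if condition:
        stmt["Condition"] = condition
    return {"Version": "2012-10-17", "Statement": [stmt]}

WEAK = trust_policy()  # no ExternalId condition
HARDENED = trust_policy({"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    # A principal is "*", a bare account ID, or an ARN (arn:aws:iam::<account>:...).
    parts = principal.split(":")
    return parts[4] if len(parts) > 4 else principal

def statements_missing_external_id(policy, own_account_id):
    """Return indexes of Allow statements that let a principal outside
    own_account_id call sts:AssumeRole without StringEquals on sts:ExternalId."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        if all(_account_of(p) == own_account_id for p in aws):
            continue  # same-account or service-only trust: no cross-account exposure
        # Compare operator and key names case-insensitively; only an exact match
        # operator counts, so a StringLike wildcard is still reported.
        conditions = {op.lower(): keys for op, keys in stmt.get("Condition", {}).items()}
        keys = {k.lower() for k in conditions.get("stringequals", {})}
        if "sts:externalid" not in keys:
            findings.append(index)
    return findings

if __name__ == "__main__":
    # 444455556666 is a placeholder for the account that owns the role.
    for name, policy in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, statements_missing_external_id(policy, "444455556666"))
```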
Microsoft Azure
XOAP supports connecting to Azure using Service Principals, providing secure access to your Azure subscriptions. To set this up, the following information is required:
- Name: a custom name for the connection as it will appear in your application (e.g., XOAP-Azure-Prod).
- Client ID: the Application (client) ID of your Azure AD application (also known as a Service Principal).
- Client Secret: the client secret you create under the “Certificates & secrets” section in the App Registration. Note that the value is shown only once at the time of creation.
- Subscription ID: a unique GUID representing the Azure subscription where your resources are located.
- Tenant ID: the Directory (tenant) ID of your Azure Active Directory instance.
As with AWS, all Azure credentials are stored securely in your Workspace vault.
For detailed guidance on configuring your XOAP connection and retrieving the necessary information, please refer to the following resources:
- Register an application in Microsoft Entra ID
- Register a Microsoft Entra app & create a client secret
- Subscription & Tenant ID
Google Cloud
To connect XOAP to Google Cloud, you need a Service Account with sufficient permissions and a downloaded JSON key file.
- Name: a custom name for identifying the connection (e.g., XOAP-GCP-Prod).
- Project ID: the unique identifier of your Google Cloud project.
- File: the Service Account JSON key file that contains authentication credentials.
Make sure the service account has the required roles (e.g., Viewer, Editor, or a custom role depending on your needs).
As with AWS and Azure, all Google credentials are stored securely in your Workspace vault.
For more information on configuring your XOAP connection and retrieving the required details, please refer to the following links: