Chkk Cloud Connector
An overview of the Chkk Cloud Connector
Overview
What is a Chkk Cloud Connector?
Chkk Cloud Connector is a secure, read-only integration that fetches relevant resource data from your cloud environment and correlates it with your Kubernetes clusters. By focusing on resources that affect — or are affected by — your clusters (e.g., security groups, IAM roles, networking settings), the Connector facilitates a unified view of your infrastructure. This insight helps detect potential incompatibilities and misconfigurations early, resulting in a more stable and secure environment.
Supported Cloud Service Providers
Chkk supports connecting to the following major CSPs:
- AWS (Amazon Web Services)
- GCP (Google Cloud Platform)
- Azure (Microsoft Azure)
Permissions
Chkk Cloud Connector operates under the principle of least privilege, utilizing read-only credentials to access only the necessary metadata in your cloud environment. This restricted, non-intrusive access allows Chkk to accurately map your configurations and deliver tailored guidance for upgrades and operational best practices. By granting the minimal permissions required, you maintain a strong security posture while benefiting from insights that reflect the actual state of your environment.
Setup Guide
This guide walks you through installing a Chkk Cloud Connector for AWS, GCP, or Azure.
- In the left-hand column of the Chkk Dashboard, expand Configure and click Cloud Accounts.
- In the top-right corner, click Add Cloud Account.
- From the dropdown, select AWS, GCP, or Azure.
Once you’ve selected your provider, follow the relevant instructions in the tabs below to set up and verify the Cloud Connector.
Enter AWS Account Details
- AWS Account ID: Provide the 12-digit AWS Account ID (e.g.,
123456789012). - AWS Region: Specify your primary region (e.g.,
us-east-1). - (Optional) Account Name: Provide a name to reference this AWS Account in the Chkk Dashboard. (e.g.,
production-account) - Click Mark as done.
Set Up Your Environment
- In Setup Environment, choose how you want to create the read-only IAM Role (CloudFormation, Console, CLI, or Terraform).
- Follow the steps mentioned under the selected method to set up the IAM Role in your AWS account.
- Once set up, click Mark as done.
Verify Connection to Chkk
- Wait until the IAM Role is fully created in AWS.
- Chkk attempts to assume the newly created role to confirm connectivity.
- Once the connection is verified, you’ll see a success message on the Chkk Dashboard.
- The Redo button allows you to retry the connection if needed.
Confirm Your AWS Account Is Connected
- A success message indicates Chkk can now access your AWS account.
- Your AWS account will appear in the Cloud Accounts list with Connected status in the Configure -> Cloud Accounts view.
Enter AWS Account Details
- AWS Account ID: Provide the 12-digit AWS Account ID (e.g.,
123456789012). - AWS Region: Specify your primary region (e.g.,
us-east-1). - (Optional) Account Name: Provide a name to reference this AWS Account in the Chkk Dashboard. (e.g.,
production-account) - Click Mark as done.
Set Up Your Environment
- In Setup Environment, choose how you want to create the read-only IAM Role (CloudFormation, Console, CLI, or Terraform).
- Follow the steps mentioned under the selected method to set up the IAM Role in your AWS account.
- Once set up, click Mark as done.
Verify Connection to Chkk
- Wait until the IAM Role is fully created in AWS.
- Chkk attempts to assume the newly created role to confirm connectivity.
- Once the connection is verified, you’ll see a success message on the Chkk Dashboard.
- The Redo button allows you to retry the connection if needed.
Confirm Your AWS Account Is Connected
- A success message indicates Chkk can now access your AWS account.
- Your AWS account will appear in the Cloud Accounts list with Connected status in the Configure -> Cloud Accounts view.
Enter GCP Project Details
- GCP Project ID: Provide the ID for the GCP project you want to connect (e.g.,
gcp-proj-example). - (Optional) Account Name: Provide a name to reference this project in the Chkk Dashboard (e.g.,
staging-project). - Click Mark as done.
Set Up Your Environment
- Under Setup Environment, choose your preferred method (e.g., Manual (CLI) or Terraform) to grant the Chkk service account read-only (
roles/viewer) access to your project. - Follow the steps mentioned under the selected method.
- After configuring your IAM policy, click Mark as done.
Verify Connection to Chkk
- Once you finish creating the policy bindings in GCP, Chkk will attempt to connect using the newly granted service account permissions.
- A success message indicates that Chkk can now retrieve data from your GCP project.
- If needed, click Redo to retry or refresh the connection.
Confirm Your GCP Account Is Connected
- A final message confirms that your GCP project is Connected.
- In the Cloud Accounts list (under Configure -> Cloud Accounts), your GCP project appears with a Connected status.
Name Your Connection
- Account Name: Provide a name to reference this Azure account in the Chkk Dashboard (e.g.,
production-account). - Click Mark as done when finished.
Provide Subscription IDs
- Azure Subscription ID(s): Enter one or more Subscription IDs (e.g.,
b6cbec...97995d). - Click Add to include multiple subscription IDs if needed.
- Click Mark as done.
Login to Azure
- Open a terminal and log in to your Azure account using the CLI.
- Once logged in, click Mark as done.
Create a Service Principal with Reader Role
- Run the following command to create a Service Principal that has the Reader role, scoped to your subscription:
- Note the output of this command—it includes your tenant, appId (client ID), and password (client secret).
- Click Mark as done.
Provide Service Principal Details
- Copy and paste the Tenant ID, Client ID, and Client Secret from the output of the previous command into the respective fields.
- Click Mark as done.
Verify Connection to Chkk
- After providing your Service Principal details, Chkk attempts to authenticate with Azure.
- A success message indicates that your Azure account is now connected.
- Use the Redo button if you need to retry or refresh the connection.
Confirm Your Azure Account Is Connected
- Navigate back to Configure -> Cloud Accounts.
- Your Azure account appears in the list with a Connected status.