A Cloud Account lets you store the credentials that the Platform Orchestrator needs to connect to cloud infrastructure in one central place in your Humanitec Organization.

Configured Cloud Accounts can then be referenced in Resource Definitions to connect to cloud resources, removing the need to maintain those credentials for every single Resource Definition.

In order to use a Cloud Account, the Driver being used in the Resource Definition needs to support the respective account type. For example, a “Google Cloud” (GCP) Account can be used by the MariaDB Cloud SQL Driver because that Driver supports gcp in its account types. Likewise, an “Amazon Web Services” (AWS) Account can be used by the AWS Route53 Driver which supports aws in its account types.

You need the Administrator role in the Organization to manage Cloud Accounts.

Dynamic vs static credentials

Each Cloud Account type supports either dynamic or static credentials.

Dynamic credentials are relatively short-lived credentials, often created on the fly, that are based on a previously established trust relationship between the involved parties. Because they expire quickly, they pose much less of a risk when breached, and therefore provide superior security when compared to static credentials. They also reduce maintenance effort because they don’t need to be renewed.

Static credentials are relatively long-lived credentials created by some administrative entity and then distributed to its users. Because they can be exploited extensively when breached, they pose a much higher risk than dynamic credentials. Unless they are valid indefinitely, which is not recommended, they also require maintenance effort to renew (rotate) them.