Overview

The Control Plane platform enables your workloads, regardless of the cloud provider and location they run in, to consume native services from different cloud providers (e.g., S3, Dynamo, BigQuery) in a least-privilege manner, without requiring developers to embed credentials. This capability is optional. It simplifies credential management by allowing workloads to obtain temporary credentials dynamically instead of relying on embedded secrets. Cloud providers refer to these as “temporary session credentials.” For more information, see how AWS uses temporary credentials.

Customers who choose to define fine-grained access that allows a workload to access cloud resources must perform the following:
  • Register a cloud account with Control Plane for each cloud provider (AWS, Azure, or GCP) that hosts the resources your workload requires.
  • Create an identity and assign the desired cloud access permissions to resources within each registered cloud account.
  • Assign the identity to a workload. Each workload can have only one assigned identity. Identities can be re-used by multiple workloads that require the same permissions.
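
As an added example (not Control Plane code), the Python check below finds workloads that still embed static cloud credentials and are therefore candidates for an assigned identity. The workload layout and the names `find_embedded_credentials` and `SAMPLE` are assumptions made for illustration; the environment variable names are the ones the AWS and Azure SDKs read.

```python
import json
import re

# Long-term AWS access key IDs start with AKIA; temporary STS keys start with ASIA.
AWS_LONG_TERM_KEY = re.compile(r"\bAKIA[A-Z0-9]{16}\b")

# Environment variables that the AWS and Azure SDKs read static secrets from.
STATIC_SECRET_VARS = {"AWS_SECRET_ACCESS_KEY": "aws", "AZURE_CLIENT_SECRET": "azure"}


def is_gcp_key_file(value):
    """True if value is the JSON body of a downloaded GCP service account key."""
    try:
        doc = json.loads(value)
    except ValueError:
        return False
    return isinstance(doc, dict) and doc.get("type") == "service_account" and "private_key" in doc


def find_embedded_credentials(workload):
    """Return sorted (container, variable, provider) tuples for embedded static credentials."""
    findings = set()
    for container in workload.get("containers", []):
        cname = container.get("name", "?")
        for var in container.get("env", []):
            name, value = var.get("name", ""), str(var.get("value", ""))
            if name in STATIC_SECRET_VARS and value:
                findings.add((cname, name, STATIC_SECRET_VARS[name]))
            if AWS_LONG_TERM_KEY.search(value):
                findings.add((cname, name, "aws"))
            if is_gcp_key_file(value):
                findings.add((cname, name, "gcp"))
    return sorted(findings)


# Constructed sample; this layout is hypothetical, not Control Plane's workload schema.
SAMPLE = {"name": "orders-api", "containers": [
    {"name": "app", "env": [
        {"name": "AWS_ACCESS_KEY_ID", "value": "AKIAEXAMPLE0EXAMPLE0"},
        {"name": "AWS_SECRET_ACCESS_KEY", "value": "constructed-not-a-real-secret"},
        {"name": "LOG_LEVEL", "value": "info"}]},
    {"name": "exporter", "env": [
        {"name": "GCP_KEY", "value": json.dumps(
            {"type": "service_account", "private_key": "constructed"})}]},
]}

if __name__ == "__main__":
    for finding in find_embedded_credentials(SAMPLE):
        print(finding)
```

A workload with no findings either already relies on temporary credentials or does not call cloud services directly.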
For Control Plane to provision and revoke the identity’s access to consume native cloud services, Control Plane must be able to:
  • Create Roles in AWS
  • Create App registrations in Azure
  • Create Service Accounts in GCP
For additional detail, refer to the cloud account reference page for each cloud provider: