JetBrains CodeCanvas
 
2024.3

Access to Cloud Resources

Last modified: 17 September 2024

Suppose your company has resources hosted in the cloud, for example, a database in Amazon RDS, an object storage in Amazon S3, an API server in Google Cloud, etc. These resources are required for development and testing purposes and should be accessible from user dev environments. Normally, users have to configure access to these resources manually by providing credentials or tokens to their dev environments. This is not only inconvenient but also insecure.

This is where CodeCanvas cloud policies come into play. To provide access to cloud resources from dev environments, cloud policies use Kubernetes service accounts – non-user accounts providing identity in a Kubernetes cluster. A cloud policy assigns a specific ServiceAccount to a dev environment instance type. As a result, dev environment pods of this type can use the ServiceAccount to authenticate outside the cluster, e.g., to access cloud resources, API servers, and so on.

The benefits:

  • Simplifying the developer experience – Cloud policies eliminate the need for individual developers to manage keys or tokens.

  • Enforcing least privilege – You can grant only the minimum necessary permissions to a specific ServiceAccount, i.e., to a dev environment. This reduces the risk of unauthorized access to sensitive resources.

  • Additional security layer – Cloud policies provide an additional layer of security as you manage access to cloud resources on the dev environment template level.