Cloud Profiles

Cloud Profiles are used to provide credentials for Cloud Validation Actions. These cloud profiles must match an existing account you have in your environment or for your cloud provider.

Cloud Profiles

Create Cloud Profiles

These profiles must match a Cloud Account. The entries could be accounts created specifically for testing the Cloud Security Technologies or could be existing accounts.

  1. Select Environment > Cloud Profiles.
  2. Click Add Cloud Profile.
  3. Enter the Name.

  4. (Optional) Add a Description. Describing the access of the account helps users know which Profile to select when running Cloud Actions.

  5. Select Auth Type and then enter the requested credentials.
    • Basic auth:
      • username
      • password
    • AWS:

      When a Cloud Action is run with an AWS Cloud Profile, environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are created and populated based on the profile. These credentials are used by the BOTO module unless they are overridden in the Python script. AWS_SESSION_TOKEN is also set in the cloud action environment if it's present in the cloud profile.

      • AWS_ACCESS_KEY_ID
      • AWS_SECRET_ACCESS_KEY
      • AWS_SESSION_TOKEN
    • Azure:
      • AZURE_TENANT_ID
      • AZURE_CLIENT_ID

        This value may be referred to as app id in Azure.

      • AZURE_CLIENT_SECRET
      • AZURE_SUBSCRIPTION_ID
    • Google Cloud:
      For the setup and cleanup parts of the Action, a Cloud Profile should be used that has these roles:
      • Compute Admin
      • Storage Admin
      • Deployment Manager Editor

      • GOOGLE_CLOUD_PROJECT_ID

      • GOOGLE_CLOUD_CLIENT_ID

      • GOOGLE_CLOUD_CLIENT_EMAIL

      • GOOGLE_CLOUD_PRIVATE_KEY_ID

      • GOOGLE_CLOUD_PRIVATE_KEY

      • GOOGLE_CLOUD_TOKEN_URI

    • Custom 

  6. (Optional) Click + Add Key/Value to add Custom options. These keys/values are sent to the Cloud Action as environment variables.

    • Two environment variables are included with Cloud Validation, RESOURCE_TAG_KEY and RESOURCE_TAG_VALUE, which let you tag your cloud resources when running Actions. This tagging can be helpful in cleanup tasks or in identifying what has changed during an incomplete build or tear down.  
    • For example, if you are testing the creation of an S3 bucket, add MSV_test as the key and MSV_test_bucket_created as the Value. RESOURCE_TAG_KEY and RESOURCE_TAG_VALUE are also included in your scripts. If the creation succeeds, then you can quickly search your AWS for MSV_test_bucket_created to quickly remove the added bucket.

    • Key

    • Value

  7. Click Add. The profile is added and available to select when running your Cloud Actions.

Add Cloud Profile form for AWS Auth Type

Cloud profiles can be tested on the Cloud Profiles page by clicking ? for the profile you want to be tested in the Actions column.

Edit Cloud Profiles

  1. Select Environment > Cloud Profiles.
  2. For the Cloud Profile you want to modify, click Edit.
  3. Make any necessary modifications and then click Save.

Delete Cloud Profiles

  1. Select Environment > Cloud Profiles.
  2. For the Cloud Profile you want to delete, click  Delete.
  3. Confirm that you want to delete the profile and then click OK.
© Copyright Mandiant. All rights reserved
  • First Published: June 5, 2022
  • Last updated: December 1, 2025
In This Article
Related Articles
Copyright © 2020 – 2021 Your Company, LLC. All rights reserved.