Cloud Providers

Cloud provider credentials enable agents to deploy applications, manage infrastructure, and interact with cloud services.

Note

Cloud provider credentials are optional. Only configure them if your workflows involve cloud deployments or infrastructure management.

Supported Providers

Provider	Services	Common Use Cases
AWS	S3, Lambda, EC2, etc.	Full-stack deployments, serverless
Cloudflare	Workers, Pages, D1	Edge deployments, static sites
DigitalOcean	Droplets, App Platform	Simple deployments, VPS
Google Cloud	GCE, Cloud Run, GCS	Enterprise deployments

AWS

Amazon Web Services provides comprehensive cloud infrastructure.

Getting Credentials

1. Log into AWS Console
2. Go to IAM > Users
3. Create a new user or select existing
4. Go to Security credentials
5. Create an Access key
6. Save both the Access Key ID and Secret Access Key

Adding to Cheffed

1. Go to Settings in Cheffed
2. Find the AWS section
3. Click Add Credentials
4. Enter:
   • Access Key ID
   • Secret Access Key
   • Default region (e.g., us-east-1)
5. Click Save

Recommended IAM Permissions

Create a policy with minimum required permissions:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:*", "lambda:*", "cloudformation:*"],
      "Resource": "*"
    }
  ]
}

Adjust based on your specific needs.

Use Cases

• Deploy serverless functions (Lambda)
• Host static assets (S3)
• Manage infrastructure (CloudFormation)
• Container deployments (ECS, EKS)

Cloudflare

Cloudflare provides edge computing and hosting services.

Getting Credentials

1. Log into Cloudflare Dashboard
2. Go to My Profile > API Tokens
3. Click Create Token
4. Use Edit Cloudflare Workers template or create custom
5. Copy the generated token

Adding to Cheffed

1. Go to Settings in Cheffed
2. Find the Cloudflare section
3. Click Add Credentials
4. Enter:
   • API Token
   • Account ID (from dashboard URL)
5. Click Save

Recommended Permissions

For Workers deployments:

• Account: Workers Scripts - Edit
• Zone: Workers Routes - Edit

For Pages:

• Account: Cloudflare Pages - Edit

Use Cases

• Deploy Workers (serverless functions)
• Host static sites (Pages)
• Manage D1 databases
• Configure DNS and routing

DigitalOcean

DigitalOcean offers simple, developer-friendly cloud hosting.

Getting Credentials

1. Log into DigitalOcean
2. Go to API in the left sidebar
3. Click Generate New Token
4. Give it a name and select scopes
5. Copy the generated token

Adding to Cheffed

1. Go to Settings in Cheffed
2. Find the DigitalOcean section
3. Click Add Credentials
4. Enter your API token
5. Click Save

Recommended Scopes

• Read and Write access for:
  • Droplets
  • App Platform
  • Spaces (object storage)

Use Cases

• Deploy to App Platform
• Manage Droplets (VPS)
• Object storage (Spaces)
• Managed databases

Google Cloud

Google Cloud Platform provides enterprise-grade cloud services.

Getting Credentials

1. Log into Google Cloud Console
2. Go to IAM & Admin > Service Accounts
3. Create a new service account
4. Grant appropriate roles
5. Create and download a JSON key file

Adding to Cheffed

1. Go to Settings in Cheffed
2. Find the Google Cloud section
3. Click Add Credentials
4. Upload the JSON key file or paste its contents
5. Click Save

Recommended Roles

• Cloud Run Admin (for serverless)
• Storage Admin (for GCS)
• Compute Admin (for GCE)

Customize based on your deployment needs.

Use Cases

• Deploy to Cloud Run
• Manage Cloud Storage
• Compute Engine instances
• Kubernetes (GKE)

Security Best Practices

Principle of Least Privilege

Only grant permissions the agent actually needs:

1. Identify required actions
2. Create a minimal policy
3. Test with restricted permissions
4. Expand only if necessary

Use Dedicated Credentials

Create separate credentials for Cheffed:

• Don’t use personal or root credentials
• Create service accounts/IAM users
• Easy to rotate or revoke

Set Spending Limits

Protect against runaway costs:

• Configure billing alerts
• Set account spending limits
• Monitor usage regularly

Rotate Credentials

Periodically update credentials:

1. Create new credentials
2. Update in Cheffed
3. Verify sessions work
4. Revoke old credentials

Credential Management

Viewing Credentials

See configured providers in Settings:

• Provider name and status
• Partial credential info (masked)
• Last verification date

Testing Credentials

Verify credentials work:

1. Create a test session
2. Run a simple cloud command
3. Confirm it succeeds

Removing Credentials

To remove a provider:

1. Go to Settings
2. Find the provider
3. Click Remove
4. Confirm deletion

Troubleshooting

Authentication Errors

Error	Solution
”Invalid credentials”	Verify credentials are correct
”Access denied”	Check IAM permissions
”Token expired”	Generate new credentials

Permission Errors

If operations fail with permission errors:

1. Review required permissions
2. Update IAM policy/roles
3. Wait for propagation (can take minutes)
4. Retry the operation

Region Issues

Some operations require specific regions:

• Verify region is configured correctly
• Check resource availability in region
• Use region-specific endpoints if needed

Next Steps

• Set up AI Providers for sessions
• Configure GitHub integration
• Create Automations that deploy code