Cloud

Connect to your cloud provider and retrieve published architectures.

Overview

The Cloud page provides a centralized view of all connected cloud environments in your organization, serving as the foundation for generating architectures, detecting insights, and enforcing guardrails in Dawnguard.

Add cloud connection

Amazon Web Services

  1. In the Dawnguard app, go to Settings → Cloud
  2. Click + Add Connection
  3. Select AWS (Amazon Web Services)
  4. Click Next
  5. Enter a connection name
  6. Optionally enter a description
  7. Click Next
  8. For the Access Key and Secret Access Key:
    1. Go to https://console.aws.amazon.com and log in to your AWS account
    2. In the AWS search bar, type “IAM” and select IAM under Services
    3. Under Access management, click Users
    4. In the user table, click Create user
    5. Enter a username in the suggested format {SUBSCRIPTION}_DAWNGUARD_READER (replace SUBSCRIPTION with your own value), then click Next
    6. Under Set permissions, select Attach policies directly
    7. In the permissions policies table, search for ReadOnlyAccess
    8. Use the Filter by type dropdown and select AWS managed job function to narrow results
    9. Select the ReadOnlyAccess policy
    10. Under Set permissions boundary, you may optionally define a permissions boundary
    11. Click Next, review your settings, and then click Create user
    12. Once the user is created, locate and click on dawnguard.app in the user table
    13. Go to the Security credentials tab
    14. Under Access keys, click Create access key
    15. For the Use case, select Third-party service, check the confirmation box, and click Next
    16. Enter a description tag value, then click Create access key
    17. Copy the Access key and Secret access key (these are shown only once)
    18. Enter these values in Dawnguard to complete the setup
  9. You can optionally check Daily Sync to automatically update cloud architectures each day
  10. Click Add to complete the cloud connection setup
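
A check to run once the AWS user from step 8 exists, added here as an example and not part of Dawnguard's own documentation or code: it reads saved output of four AWS CLI calls and reports anything on the reader user beyond the single ReadOnlyAccess policy and one active access key. The user name ACME_DAWNGUARD_READER, the sample JSON and the 90-day key-age threshold are assumptions.

```python
from datetime import datetime, timezone

READ_ONLY_ARN = "arn:aws:iam::aws:policy/ReadOnlyAccess"

def audit_reader_user(attached, inline, groups, keys, now, max_key_age_days=90):
    """Return findings for the reader user; an empty list means it matches the setup steps."""
    findings = []
    arns = [p["PolicyArn"] for p in attached.get("AttachedPolicies", [])]
    if READ_ONLY_ARN not in arns:
        findings.append("ReadOnlyAccess is not attached")
    findings += [f"extra managed policy: {a}" for a in arns if a != READ_ONLY_ARN]
    findings += [f"inline policy: {n}" for n in inline.get("PolicyNames", [])]
    findings += [f"group membership: {g['GroupName']}" for g in groups.get("Groups", [])]
    active = [k for k in keys.get("AccessKeyMetadata", []) if k["Status"] == "Active"]
    if len(active) > 1:
        findings.append(f"{len(active)} active access keys, expected 1")
    for k in active:
        # The CLI prints CreateDate as ISO 8601 with either a "Z" or "+00:00" suffix.
        created = datetime.fromisoformat(k["CreateDate"].replace("Z", "+00:00"))
        age = (now - created).days
        if age > max_key_age_days:  # assumed threshold; set it to your rotation policy
            findings.append(f"key {k['AccessKeyId']} is {age} days old")
    return findings

# Constructed sample output for a hypothetical user ACME_DAWNGUARD_READER, in the shape of
# `aws iam list-attached-user-policies`, `list-user-policies`, `list-groups-for-user`
# and `list-access-keys` (each run with --user-name and --output json).
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
RO = {"PolicyName": "ReadOnlyAccess", "PolicyArn": READ_ONLY_ARN}
CLEAN = {
    "attached": {"AttachedPolicies": [RO]},
    "inline": {"PolicyNames": []}, "groups": {"Groups": []},
    "keys": {"AccessKeyMetadata": [{"AccessKeyId": "AKIAIOSFODNN7EXAMPLE",
             "Status": "Active", "CreateDate": "2025-05-01T09:00:00Z"}]},
}
DRIFTED = {
    "attached": {"AttachedPolicies": [RO, {
        "PolicyName": "AdministratorAccess",
        "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}]},
    "inline": {"PolicyNames": []}, "groups": {"Groups": []},
    "keys": {"AccessKeyMetadata": [{"AccessKeyId": "AKIAIOSFODNN7EXAMPLE",
             "Status": "Active", "CreateDate": "2024-11-01T09:00:00Z"}]},
}

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("drifted", DRIFTED)):
        print(label, audit_reader_user(now=NOW, **sample))
```

Running the same check on a schedule catches permissions added to the reader user after the connection was set up.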

Microsoft Azure

  1. In the Dawnguard app, go to Settings → Cloud
  2. Click + Add Connection
  3. Select Azure (Microsoft Azure)
  4. Click Next
  5. Enter a connection name
  6. Optionally enter a description
  7. Click Next
  8. For the Tenant ID, Client ID and Client Secret:
    1. Go to https://portal.azure.com and log in to your Azure account
    2. In the search bar, type App registrations and select it under Services
    3. Click + New registration
    4. Enter a name in the suggested format {SUBSCRIPTION}_DAWNGUARD_READER (replace SUBSCRIPTION with your own value), then click Register
    5. Under the Manage section, select Certificates & secrets
    6. Click + New client secret
    7. Enter a description and choose an expiration period
    8. Click Add
    9. Copy the Client secret value (this is shown only once) and store it securely
    10. Go to the Overview tab and copy the Application (client) ID and Directory (tenant) ID
    11. Enter these values in Dawnguard
    12. In the search bar, type Management groups and select it under Services
    13. Select the Management group(s) or Subscriptions you want Dawnguard to read data from
    14. Click Access control (IAM)
    15. Click + Add, then choose Add role assignment
    16. Under Job function roles, search for Reader and select the Reader role
    17. Click Next
    18. Click + Select members
    19. Search for and select the app registration you just created
    20. Click Select
    21. Click Next
    22. Choose the assignment duration according to your company’s requirements
    23. Click Next again
    24. Review all details, then click Review + assign to finalize the role assignment
  9. You can optionally check Daily Sync to automatically update cloud architectures each day
  10. Click Add to complete the cloud connection setup

Syncing connections

Daily sync

When daily sync is enabled, the cloud architecture linked to the connection is automatically updated each day.

Manual sync

Syncing can also be triggered manually:

  1. Go to Settings → Cloud
  2. Hover over a cloud's row
  3. Click on the dotted menu
  4. Select Sync
  5. Syncing may take some time to complete

Managing cloud connections

Rename a connection

  1. Go to Settings → Cloud
  2. Hover over a cloud's row
  3. Click on the dotted menu
  4. Select Rename connection
  5. Rename the cloud connection
  6. Click Save changes

Configure a connection

  1. Go to Settings → Cloud
  2. Hover over a team's row
  3. Click on the dotted menu
  4. Select Configure
  5. Re-enter the AWS secret access key or the Azure client secret
  6. Update any other fields if needed
  7. Click Save changes

Delete a connection

  1. Go to Settings → Cloud
  2. Hover over a cloud's row
  3. Click on the dotted menu
  4. Select Delete
  5. Enter the connection name in the confirmation modal
  6. Click Delete