Buttonwood Automate is an orchestration and automation tool. As such, it requires access credentials which grants permissions to programmatically perform tasks within a service provider. These credentials are provided by a Buttonwood Automate administrator when adding the service provider account to Automate and is encrypted and securely stored within the appliance's internal configuration database.
Buttonwood recommends providing administrative level permissions where possible to support new services and features which are continually added to Automate sections list the minimum permissions required for each service provider. Please refer to the service provider's documentation for detailed instructions on how to create custom roles which grant these permissions.
Amazon Web Services (AWS)
Service | Access Level | Resources |
EC2 | Full Access | All Resources |
ELB | Full Access | All Resources |
ELB v2 | Full Access | All Resources |
IAM | Full Access | All Resources |
RDS | Full Access | All Resources |
S3 | Full Access | All Resources |
Microsoft Azure
Service |
Microsoft.Compute/* |
Microsoft.Resources/subscriptions/resourcegroups/* |
Microsoft.Storage/storageAccounts/* |
Microsoft.Network/* |
Microsoft.DBforMySQL/* |
Microsoft.DBforPostgreSQL/* |
Microsoft.DBforMariaDB/* |
Microsoft.Sql/* |
Microsoft.Cache/* |
VMware vSphere
Task Description | Object | Permission |
N/A | Global |
Enable methods |
Create virtual machines | Virtual machine |
Inventory.Create new Configuration.Add new disk |
Datastore |
Browse datastore |
|
Network |
Assign network |
|
Resource |
Assign virtual machine to resource pool |
|
Deploy virtual machines from templates | Virtual machine |
Inventory.Create from existing |
Datastore |
Browse datastore |
|
Network |
Assign network |
|
Resource |
Assign virtual machine to resource pool |
|
Virtual machine operations | Virtual machine |
Interaction.Answer question |