# Managing Cloud Accounts

> Source: https://parallelworks.com/docs/organization-admin/cloud/cloud-accounts/managing-cloud-accounts

This page explains how to add, view, update, and delete cloud service provider accounts in your ACTIVATE organization. Cloud accounts store the credentials that ACTIVATE uses to provision infrastructure and start clusters on your behalf.

## Adding a Cloud Account

1. Navigate to **Organization > Cloud Accounts**.
2. Click **Add Account**.
3. Enter a **Name** for the cloud account.
4. Select your **Cloud Service Provider** from the dropdown menu.
5. Fill in the provider-specific fields described below.
6. Click **+ Add Account**.

  

**AWS**

| Field | Description |
|-------|-------------|
| **Account ID** | A 12-digit number that uniquely identifies your AWS account. You can find this in the upper-right corner of the AWS Management Console. |
| **GovCloud** | Enable this toggle if the account belongs to an AWS GovCloud region. |
| **AWS Access Key ID** | The access key ID for an IAM user or role with the required permissions. |
| **AWS Secret Access Key** | The corresponding secret access key. |

If you do not have an access key, see [Managing access keys for IAM users](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html) in the AWS documentation.

  
  

**Azure**

| Field | Description |
|-------|-------------|
| **Subscription ID** | The ID of the Azure subscription where resources will be provisioned. |
| **GovCloud** | Enable this toggle if the subscription belongs to an Azure Government region. |
| **Azure Client ID** | The Application (client) ID of the service principal. |
| **Azure Client Secret** | A client secret generated for the service principal. |
| **Azure Tenant ID** | The Directory (tenant) ID of your Azure Active Directory. |

If you do not have a service principal, see [Create a service principal](https://learn.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal#set-up-authentication) in the Azure documentation.

  
  

**Google Cloud**

| Field | Description |
|-------|-------------|
| **Project ID** | The Google Cloud project ID where resources will be provisioned. |
| **GovCloud** | Enable this toggle if the project uses Assured Workloads. When enabled, you must also provide a **CMEK Crypto Key ID**. |
| **Google Service Account JSON Credentials** | The full JSON key file for a service account with the required permissions. |
| **Role IDs** | A comma-separated list of role IDs granted to the service account (for example, `roles/owner,roles/compute.admin`). |

If you do not have a service account key, see [Create and delete service account keys](https://cloud.google.com/iam/docs/keys-create-delete) in the Google Cloud documentation.

  
  

**OpenStack**

**Project**

Some OpenStack endpoints require a project ID and others require a project name, so both values are required.

| Field | Description |
|-------|-------------|
| **Project ID** | The ID of the project in OpenStack. |
| **Project Name** | The name of the project in OpenStack. |
| **Project Domain** | The domain the project belongs to. Defaults to `default`. |

**Endpoints**

| Field | Description |
|-------|-------------|
| **Identity Endpoint** | The Keystone identity endpoint (for example, `http://example.openstack.com:5000/v3/`). |
| **Compute Endpoint** | The Nova compute endpoint (for example, `http://example.openstack.com:8774/v2.1/`). |
| **Network Endpoint** | The Neutron network endpoint (for example, `http://example.openstack.com:9696/`). |

**Credentials**

| Field | Description |
|-------|-------------|
| **Username** | The OpenStack username. |
| **Password** | The corresponding password. |
| **Domain** | The domain the user belongs to. Defaults to `default`. |

For more information, see [Application Credentials](https://docs.openstack.org/keystone/queens/user/application_credentials.html) in the OpenStack documentation.

  
  

**Oracle Cloud**

**Oracle Cloud Infrastructure**

| Field | Description |
|-------|-------------|
| **Tenancy OCID** | The OCID of your Oracle Cloud tenancy. Found in the Oracle Cloud Console under **Administration > Tenancy Details**. |
| **Compartment OCID** | The OCID of the compartment where resources will be provisioned. Found under **Identity > Compartments**. |

**API Key Credentials**

| Field | Description |
|-------|-------------|
| **User OCID** | The OCID of the user. Found in the Oracle Cloud Console under **Identity > Users**. |
| **API Key Fingerprint** | The fingerprint of the API signing key, generated when you add an API key to your user. |
| **API Private Key (PEM)** | The private key in PEM format used for API authentication. This is the private key you downloaded when creating the API key. |

  

After the account is created, ACTIVATE automatically validates that the provided credentials have sufficient permissions. You can check the validation status on the cloud account detail page.
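A local format check for some of the fields above, run before the values are pasted into the form. This is an added example, not ACTIVATE's own validation or Parallel Works code; the function names are hypothetical and every sample value is constructed. It flags two things to review before saving: basic Google Cloud roles such as `roles/owner`, and OpenStack endpoints that are not `https://`.

```python
# Added example: hypothetical helper names, not an ACTIVATE API.
import json
import re
from urllib.parse import urlparse

GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
BASIC_GCP_ROLES = {"roles/owner", "roles/editor", "roles/viewer"}
SA_KEY_FIELDS = {"type", "project_id", "private_key_id", "private_key", "client_email"}

def lint_aws(account_id):
    """The AWS Account ID field takes exactly 12 digits."""
    return [] if re.fullmatch(r"[0-9]{12}", account_id) else ["AWS Account ID is not 12 digits"]

def lint_azure(subscription_id, client_id, tenant_id):
    """Azure subscription, client and tenant IDs are all GUIDs."""
    fields = {"Subscription": subscription_id, "Client": client_id, "Tenant": tenant_id}
    return [f"Azure {n} ID is not a GUID" for n, v in fields.items() if not GUID.fullmatch(v)]

def lint_gcp(project_id, sa_json, role_ids):
    """Check the pasted key file and the comma-separated Role IDs."""
    try:
        key = json.loads(sa_json)
    except json.JSONDecodeError:
        return ["Credentials are not valid JSON"]
    if not isinstance(key, dict) or key.get("type") != "service_account":
        return ["JSON is not a service account key file"]
    findings = []
    missing = sorted(SA_KEY_FIELDS - key.keys())
    if missing:
        findings.append("Key file is missing: " + ", ".join(missing))
    if key.get("project_id") != project_id:
        findings.append("Key file project_id differs from the Project ID field")
    for role in (r.strip() for r in role_ids.split(",")):
        if role in BASIC_GCP_ROLES:
            findings.append(f"{role} is a basic role; review whether a narrower role suffices")
    return findings

def lint_openstack(endpoints):
    """Flag endpoints where passwords or tokens would travel without TLS."""
    return [f"{name} Endpoint is not https: {url}" for name, url in endpoints.items()
            if urlparse(url).scheme != "https"]

if __name__ == "__main__":
    # Constructed sample values, not real accounts or keys.
    key = json.dumps({"type": "service_account", "project_id": "demo-proj",
                      "private_key_id": "0", "private_key": "PLACEHOLDER",
                      "client_email": "sa@demo-proj.iam.gserviceaccount.com"})
    print(lint_aws("12345678901"))
    print(lint_gcp("demo-proj", key, "roles/owner, roles/compute.admin"))
    print(lint_openstack({"Identity": "http://example.openstack.com:5000/v3/"}))
```
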

## Viewing Cloud Account Details

To view details for a cloud account, navigate to **Organization > Cloud Accounts** and click the account name.

The detail page displays the following information:

- **Principal** -- The primary credential identifier (for example, the AWS Access Key ID or the Google service account email).
- **Billing** -- Whether billing has been provisioned for this account, along with when billing data was last refreshed.
- **Permissions** -- Whether the credential has sufficient permissions. If permissions are insufficient, a link to the relevant preparation guide is provided.
- **Credentials last updated** -- When the credentials were last changed.
- **Shared with** -- The groups, or the entire organization, that can use this cloud account for network provisioning.
- **Networks** -- A table of all networks provisioned under this cloud account.

From the detail page you can also manage access permissions, provision or deprovision billing, and add networks.

## Updating Credentials

To rotate or update the credentials on an existing cloud account:

1. Navigate to **Organization > Cloud Accounts** and click the account name.
2. Click **Update Credentials** in the action bar.
3. Update the credential fields as needed. The account name and cloud service provider cannot be changed.
4. Click **Update Credentials** to save.

After updating, ACTIVATE re-validates the credential permissions automatically.

## Deleting a Cloud Account

:::warning Network Deprovisioning

Deleting a cloud account will deprovision all networks associated with the account. Ensure that no active clusters are running on those networks before proceeding.

:::

To delete a cloud account:

1. Navigate to **Organization > Cloud Accounts**.
2. Click the delete icon next to the account you want to remove.
3. Confirm the deletion in the dialog.

If billing has been provisioned for the account, deprovision billing before deleting the account.
