# Cloud Provider IAM Check

The **pf9cp** CLI helps users check IAM access and confirm prerequisites for AWS, Azure and Google clouds. The CLI connects to the target cloud using the same credentials as the Cloud Provider and validates that those credentials have the access Platform9 requires to build and manage clusters.

The pf9cp CLI supports Windows 10, macOS, CentOS 7.X and Ubuntu 18.04 / 20.04.

## **Install on Linux & macOS**

From the command line of your machine, run the following to download and install the CLI tool.

{% tabs %}
{% tab title="Bash" %}

```bash
bash <(curl -sL https://pmkft-assets.s3.us-west-1.amazonaws.com/IAM_Checker/pf9cp_setup)
```

{% endtab %}
{% endtabs %}

Successful installation should look like:

{% tabs %}
{% tab title="Bash" %}

```bash
$ bash <(curl -sL https://pmkft-assets.s3.us-west-1.amazonaws.com/IAM_Checker/pf9cp_setup)
 ____  _       _    __                      ___
|  _ \| | __ _| |_ / _| ___  _ __ _ __ ___ / _ \
| |_) | |/ _` | __| |_ / _ \| '__| '_ ` _ \ (_) |
|  __/| | (_| | |_|  _| (_) | |  | | | | | \__, |
|_|   |_|\__,_|\__|_|  \___/|_|  |_| |_| |_| /_/

19:24:01:11 : Initializing: /Users/anmols/pf9
19:24:01:11 : Ensuring /Users/anmols/pf9/bin exists
19:24:01:11 : Ensuring /Users/anmols/pf9/db exists
19:24:01:11 : Ensuring /Users/anmols/pf9/log exists
19:24:01:11 : Ensuring /Users/anmols/pf9/log/cli_install.log exists
Note: SUDO access required to run Platform9 CLI.
      You might be prompted for your SUDO password.

Downloading Platform9 CLI binary...
Password:

Platform9 CLI binary downloaded.

Installing Platform9 CLI...

19:24:09:11 : Platform9 CLI installation completed successfully.
Platform9 CLI installation completed successfully !

To start testing providers type:
        pf9cp help
```

{% endtab %}
{% endtabs %}
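The one-line install above executes the downloaded script as soon as it arrives, and the installer then asks for sudo. As an added example (not Platform9's own tooling), the functions below save the script to disk for review and run it only when its SHA-256 matches a digest you recorded yourself. The page publishes no checksum, so the pinned value and the function names are assumptions.

```bash
# Installer URL as given on this page.
INSTALLER_URL="https://pmkft-assets.s3.us-west-1.amazonaws.com/IAM_Checker/pf9cp_setup"

# Print the SHA-256 of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Download the installer to FILE without executing it. --fail turns HTTP
# errors into a non-zero exit so an error page is never saved as the script.
fetch_installer() {
  curl --fail --silent --show-error --location \
       --proto '=https' --tlsv1.2 \
       --output "$1" "$INSTALLER_URL"
}

# run_if_pinned FILE EXPECTED_SHA256 [RUNNER]
# Runs FILE with RUNNER (default: bash) only if its digest equals the pin.
# Returns 1 without executing anything on a mismatch.
run_if_pinned() {
  local file="$1" expected="$2" runner="${3:-bash}" actual
  actual=$(sha256_of "$file") || return 2
  if [ "$actual" != "$expected" ]; then
    echo "digest mismatch for $file: got $actual" >&2
    return 1
  fi
  "$runner" "$file"
}

# Typical use (the pin is a placeholder; record your own after reading the file):
#   fetch_installer ./pf9cp_setup && less ./pf9cp_setup
#   sha256_of ./pf9cp_setup        # store this value with your build notes
#   run_if_pinned ./pf9cp_setup "<sha256-you-recorded>"
```

A changed digest on a later download means the script differs from the copy you reviewed, so read it again before updating the pin.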

## **Install on Windows**

Download the CLI from whichever of the links below matches your configuration.

* For windows-32 : <https://pmkft-assets.s3.us-west-1.amazonaws.com/IAM_Checker/pf9cp-win32.exe>
* For windows-64 : <https://pmkft-assets.s3.us-west-1.amazonaws.com/IAM_Checker/pf9cp-win64.exe>

If using Windows, ensure that the downloaded exe file is located in a folder that is on the PATH environment variable. You can accomplish this by either copying it into a folder that's already on the PATH or by adding your folder to the PATH.

For example:

* Create a folder named pf9 on the C: drive.
* Copy the downloaded pf9cp-win64.exe to the C:\pf9 folder. Rename the file to pf9cp for convenience.
* Add the C:\pf9 folder to your PATH by doing the following:
  * Type Edit the system environment variables
  * Open the option Edit the system environment variables
  * Click the Environment variables... button
  * Under the System Variables box, find the Path variable
  * Click Edit
  * A window pops up; click New
  * Type C:\pf9 in it.
  * Click OK on all open windows and restart the command prompt to use it.

<figure><img src="/files/LBCSDgnjPg01zGOJoUSo" alt=""><figcaption></figcaption></figure>

## PF9CP CLI Commands

### Syntax Example

{% tabs %}
{% tab title="Bash" %}

```bash
pf9cp [command]
```

{% endtab %}
{% endtabs %}

### All Available Commands and Flags

{% tabs %}
{% tab title="Bash" %}

```bash
$ pf9cp help             
CLI tool for Platform9 cloud provider checks.

Usage:
  pf9cp [command]

Available Commands:
  check-amazon-provider checks if user has amazon cloud permission
  check-azure-provider  checks if user has azure cloud permission
  check-google-provider checks if user has google cloud permission
  help                  Help about any command

Flags:
  -h, --help      help for pf9cp
      --verbose   print verbose logs

Use "pf9cp [command] --help" for more information about a command.
```

{% endtab %}
{% endtabs %}

### Command Examples

#### Command: check-amazon-provider

This command checks if a user has the appropriate Amazon cloud permissions.

{% tabs %}
{% tab title="Bash" %}

```bash
$ pf9cp check-amazon-provider --help
Checks if user has the correct permissions to use the amazon cloud provider

Usage:
  pf9cp check-amazon-provider [flags]

Flags:
  -a, --access_key string   sets the access key (required)
  -h, --help                help for check-amazon-provider
  -i, --iam_user string     sets the iam user (required)
  -r, --region string       sets the region (default "us-east-1")
  -s, --secret_key string   sets the secret key (required)

Global Flags:
      --verbose   print verbose logs
```

{% endtab %}
{% endtabs %}

Follow this link to get your AWS access key and secret key if you do not have them: <https://docs.aws.amazon.com/powershell/latest/userguide/pstools-appendix-sign-up.html>

Successful command output should look like:

{% tabs %}
{% tab title="Bash" %}

```bash
$ pf9cp check-amazon-provider -i iamUser -a access-key -s secret-key -r us-east-1

✓ ELB Access
✓ Route53 Access
✓ Availability Zones success
✓ EC2 Access
✓ VPC Access
✓ IAM Access
✓ Autoscaling Access
✓ EKS Access
```

{% endtab %}
{% endtabs %}

#### Command: check-google-provider

This command checks if the user has Google cloud permissions.

{% tabs %}
{% tab title="Bash" %}

```bash
$ pf9cp check-google-provider --help
Checks if service account has the correct roles to use the google cloud provider

Usage:
  pf9cp check-google-provider [flags]

Flags:
  -h, --help                           help for check-google-provider
  -n, --project_name string            sets the project name (required)
  -e, --service_account_email string   sets the service account email (required)
  -p, --service_account_path string    sets the service account path (required)

Global Flags:
      --verbose   print verbose logs
```

{% endtab %}
{% endtabs %}

Follow this link to get your Google service account keys if you do not have them: <https://cloud.google.com/iam/docs/creating-managing-service-account-keys>

A successful run prints one line per role, marked Success or Failed. The output will look like this.

{% tabs %}
{% tab title="Bash" %}

```bash
$ pf9cp check-google-provider -p /home/user/Downloads/service-account.json -n testProject -e user@email.com

✓  Success roles/iam.serviceAccountUser
✓  Failed roles/container.admin
✓  Failed roles/compute.viewer
✓  Success roles/viewer
```

{% endtab %}
{% endtabs %}
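In the sample output above the leading ✓ appears on the Failed lines as well, so a script that gates on this check has to key on the status word rather than the mark. The following is an added example, not part of pf9cp: it assumes the line format shown above and treats the four roles in that sample as the required set.

```bash
# Roles taken from the sample output on this page (assumed to be the full
# required set; adjust if your Platform9 version checks others).
REQUIRED_ROLES="roles/iam.serviceAccountUser roles/container.admin roles/compute.viewer roles/viewer"

# unconfirmed_roles: read `pf9cp check-google-provider` output on stdin and
# print every required role that was NOT reported as Success, whether it was
# marked Failed or is missing from the output entirely (e.g. truncated run).
# Returns 0 when all required roles are confirmed, 1 otherwise.
unconfirmed_roles() {
  awk -v req="$REQUIRED_ROLES" '
    {
      # A result line looks like "✓  Success roles/viewer": find the status
      # word and take the field after it as the role name.
      for (i = 1; i < NF; i++) {
        if ($i == "Success" && $(i + 1) ~ /^roles\//) ok[$(i + 1)] = 1
      }
    }
    END {
      n = split(req, r, " ")
      for (j = 1; j <= n; j++) {
        if (!(r[j] in ok)) { print r[j]; bad = 1 }
      }
      exit bad + 0
    }
  '
}

# Constructed sample input, copied from the output shown above.
SAMPLE_OUTPUT='✓  Success roles/iam.serviceAccountUser
✓  Failed roles/container.admin
✓  Failed roles/compute.viewer
✓  Success roles/viewer'

# Typical use in a pipeline step:
#   pf9cp check-google-provider -p "$KEY_PATH" -n "$PROJECT" -e "$SA_EMAIL" \
#     | unconfirmed_roles || echo "service account is missing required roles"
```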

#### Command: check-azure-provider

This command checks that a user's Azure cloud permissions are set correctly.

{% tabs %}
{% tab title="Bash" %}

```bash
$ pf9cp check-azure-provider --help
Checks if service principal has the correct permissions to use the azure cloud provider

Usage:
  pf9cp check-azure-provider [flags]

Flags:
  -c, --client_id string         sets the client(applicaiton) id (required)
  -h, --help                     help for check-azure-provider
  -k, --secret_key string        sets the secret key (required)
  -s, --subscription_id string   sets the ssubscription id (required)
  -t, --tenant_id string         sets the tenant id (required)

Global Flags:
      --verbose   print verbose logs
```

{% endtab %}
{% endtabs %}

Follow this link to get your Azure tenant information if you do not have it: <https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-to-find-tenant>.

#### Command Examples

{% tabs %}
{% tab title="Bash" %}

```bash
pf9cp check-azure-provider -t tenantID -c clientID -s subscriptionID -k secretKey
```

{% endtab %}
{% endtabs %}


