Cloud Accounts
Register and manage cloud provider accounts for your organization
Cloud Accounts let you store your external cloud provider details — account IDs, VPC info, credentials — in one place. Other features like VPC peering, private link, and BYOC deployments pull from saved cloud accounts to pre-fill fields instead of requiring you to re-enter the same information each time.
Overview
Each cloud account belongs to a tenant and stores provider-specific credentials encrypted at rest. Cloud accounts are managed at the tenant level and can be filtered by cloud provider or region.
Creating a Cloud Account
From the Console
- Navigate to your tenant's Settings page
- Click Cloud Accounts and then Add Cloud Account
- Select the cloud provider (e.g. AWS)
- Enter the account details:
- Name — a unique, human-readable name (1-100 characters)
- Account ID — your cloud provider account identifier (e.g. AWS account ID)
- Region — optional default region for this account
- Settings — cloud-specific credentials (e.g. IAM role ARN for AWS)
- Remarks — optional notes (max 500 characters)
- Click Save
Supported Cloud Providers
| Provider | Value | Status |
|---|---|---|
| AWS | aws | Available |
| GCP | gcp | Available |
| Azure | azure | Coming soon |
| Hetzner | hetzner | Coming soon |
AWS Settings
When registering an AWS cloud account, provide the following settings:
{
"aws": {
"identity_arn": "arn:aws:iam::123456789012:role/LaserDataRole",
"external_id": "unique-external-id",
"vpc_id": "vpc-0abc123def456",
"vpc_cidr": "10.0.0.0/16"
}
}| Field | Required | Description |
|---|---|---|
identity_arn | Yes | IAM role ARN that LaserData assumes for provisioning |
external_id | Yes | External ID for secure cross-account role assumption |
vpc_id | Yes | VPC ID where infrastructure will be provisioned |
vpc_cidr | No | CIDR block of the VPC (used for network planning) |
Cloud account settings are encrypted at rest in the database.
Account Status
| Status | Description |
|---|---|
active | Account is active and can be used for deployments |
inactive | Account is inactive (default on creation) |
locked | Account is temporarily locked |
deleted | Account has been deleted |
Permissions
Cloud account management requires the settings:manage permission at the tenant level. Viewing cloud accounts requires settings:read. See Roles & Permissions.
Plan Limits
| Resource | Basic | Pro | Enterprise |
|---|---|---|---|
| Cloud accounts | 1 | 5 | 20 |
API Reference
Create a Cloud Account
curl -X POST https://api.laserdata.cloud/tenants/{tenant_id}/cloud_accounts \
-H "ld-api-key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"cloud": "aws",
"name": "production-aws",
"account_id": "123456789012",
"region": "us-west-1",
"settings": {
"aws": {
"identity_arn": "arn:aws:iam::123456789012:role/LaserDataRole",
"external_id": "unique-external-id",
"vpc_id": "vpc-0abc123def456",
"vpc_cidr": "10.0.0.0/16"
}
},
"remarks": "Main production AWS account"
}'| Field | Required | Description |
|---|---|---|
cloud | Yes | Cloud provider: aws, gcp |
name | Yes | Unique name (1-100 chars) |
account_id | Yes | Cloud provider account ID (max 256 chars) |
region | No | Default region for this account |
settings | No | Cloud-specific credentials (see AWS Settings) |
remarks | No | Notes (max 500 chars) |
Returns 201 Created.
List Cloud Accounts
curl "https://api.laserdata.cloud/tenants/{tenant_id}/cloud_accounts?page=1&results=10" \
-H "ld-api-key: YOUR_API_KEY"Query parameters:
| Parameter | Type | Description |
|---|---|---|
page | integer | Page number (optional) |
results | integer | Results per page (optional) |
name | string | Filter by name (contains match, optional) |
cloud | string | Filter by cloud provider (optional) |
region | string | Filter by region (contains match, optional) |
Response:
{
"total_pages": 1,
"total_results": 2,
"page": 1,
"items": [
{
"id": 1,
"cloud": "aws",
"name": "production-aws",
"account_id": "123456789012",
"region": "us-west-1",
"status": "active",
"created_at": "2026-06-01T10:00:00Z",
"updated_at": "2026-06-01T10:00:00Z"
}
]
}Results are ordered by creation date (newest first).
Get Cloud Account Details
curl https://api.laserdata.cloud/tenants/{tenant_id}/cloud_accounts/{cloud_account_id} \
-H "ld-api-key: YOUR_API_KEY"{
"id": 1,
"cloud": "aws",
"name": "production-aws",
"account_id": "123456789012",
"region": "us-west-1",
"status": "active",
"created_at": "2026-06-01T10:00:00Z",
"updated_at": "2026-06-01T10:00:00Z",
"settings": {
"aws": {
"identity_arn": "arn:aws:iam::123456789012:role/LaserDataRole",
"external_id": "unique-external-id",
"vpc_id": "vpc-0abc123def456",
"vpc_cidr": "10.0.0.0/16"
}
},
"remarks": "Main production AWS account"
}The detailed response includes settings and remarks which are omitted in the list response.
Update a Cloud Account
curl -X PUT https://api.laserdata.cloud/tenants/{tenant_id}/cloud_accounts/{cloud_account_id} \
-H "ld-api-key: YOUR_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"name": "production-aws-updated",
"region": "us-west-2",
"status": "active"
}'All fields are optional — include only the fields you want to change. To clear an optional field, set it to null.
| Field | Type | Description |
|---|---|---|
name | string | New name (must be unique within the tenant) |
account_id | string | Updated cloud account ID |
region | string or null | Updated region, or null to clear |
settings | object or null | Updated credentials, or null to clear |
remarks | string or null | Updated notes, or null to clear |
status | string | Account status: active, inactive |
Returns 204 No Content.
Delete a Cloud Account
curl -X DELETE https://api.laserdata.cloud/tenants/{tenant_id}/cloud_accounts/{cloud_account_id} \
-H "ld-api-key: YOUR_API_KEY"Permanently deletes the cloud account. This action is irreversible.
Returns 204 No Content.