Grant a Tenant specific access over a VPN
In order for DuploCloud users to have access to internal resources within a Tenant, such as an internal host or a database, you need to add Security rules to allow a VPN connection.
Note: Users with the Administrator role have persistent access to all Tenants. Administrators do not need to add individual Tenant access for themselves.
Define Tenant Security rules for Tenant access over a VPN:
In the DuploCloud Portal, navigate to Administrators -> Tenants.
Select the Tenant in the Name column. The Tenant's permissions page displays.
Click the Security tab.
Click Add. The Add Tenant Security pane displays.
Complete the rule fields and add a Description of your changes for future reference.
In this example, you create a security rule allowing traffic originating from the VPN IP Address to access resources that are private or internal to the Tenant.
Give a user access to a Tenant
In order for a DuploCloud user to access a Tenant, an Administrator must give a user Tenant Access permissions.
Note: Users with the Administrator role have persistent access to all Tenants. Administrators do not need to add individual Tenant access for themselves.
Give a non-Administrator user access to a Tenant:
In the DuploCloud Portal, navigate to the Administrators -> Users page.
Select the user in the Username column. The user's permissions page displays.
On the Tenant Access tab, click Add. The Add User Access pane displays.
From the User field, select the user name and click Add.
Allow multiple Tenants access to the same resources
These features are currently only available for AWS.
You can configure the DuploCloud Portal to support various types of Cross-tenant access. Cross-tenant access enables you to share access to resources and services between two DuploCloud Tenants.
Configure Cross-tenant access to:
Share specific services between Tenants in the DuploCloud Portal that are restricted by IAM policies.
Before you can use Cross-tenant access, you must do the following:
Add a Security Group rule to allow port access between each of the Tenants requiring Cross-tenant access in the Security Group.
Include the full application Namespace when accessing the domain, in this format: https://NAMESPACE.duploservices-TENANT_NAME:PORT
For example, if Tenant dev01 is running an app named myapp on port 8080, then access the domain using the URL https://myapp.duploservices-dev01:8080.
When you grant general non-IAM restricted access between Tenants, you allow one DuploCloud Tenant full access to another Tenant's workspace or Namespace. Restrictions are defined by your Security Groups in your underlying Cloud Platform. In the DuploCloud Portal, you configure general access between Tenants using a Tenant's Security tab.
To grant Cross-tenant access only to specific services that are restricted by IAM policies, see the next section.
In the DuploCloud Portal, navigate to Administrator -> Tenants.
Select the Tenant whose resources you want to share from the Name column.
Click the Security tab.
Click Add. The Add Tenant Security pane displays.
From the Source Type list box, select Tenant.
From the Tenants list box, select another Tenant with whom you want to share resources.
From the Protocol list box, select the protocol that you want to use for sharing.
In the Port Range field, specify the range of ports to which you want to grant access.
Add a user-friendly Description of this sharing rule.
Click Add.
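Because a Tenant Security rule (whether for the VPN address or for another Tenant) is only as tight as its source and port range, it is worth reviewing the rules after you add them. The following is an added example, not DuploCloud code: it audits a hand-transcribed list of rules whose keys mirror the pane's fields. The dict layout, the "IP Address" source type value, the VPN range 10.8.0.0/24 and the approved-Tenant list are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: rules transcribed by hand from a Tenant's Security tab.
# Keys mirror the pane's fields; the dict layout itself is an assumption.
RULES = [
    {"source_type": "IP Address", "source": "10.8.0.0/24", "protocol": "tcp",
     "port_range": "5432", "description": "VPN to Postgres"},
    {"source_type": "IP Address", "source": "0.0.0.0/0", "protocol": "tcp",
     "port_range": "22", "description": "temp ssh"},
    {"source_type": "Tenant", "source": "demo01", "protocol": "tcp",
     "port_range": "1-65535", "description": ""},
    {"source_type": "Tenant", "source": "dev01", "protocol": "tcp",
     "port_range": "8080", "description": "myapp from dev01"},
]

def parse_ports(port_range):
    """Return (low, high) for '8080' or '8000-8100'."""
    low, _, high = port_range.partition("-")
    return int(low), int(high or low)

def audit_rule(rule, vpn_cidr, allowed_tenants, max_ports=100):
    """Return a list of findings for one rule; an empty list means it passes."""
    findings = []
    low, high = parse_ports(rule["port_range"])
    if not (1 <= low <= high <= 65535):
        findings.append("invalid port range")
    elif high - low + 1 > max_ports:
        findings.append(f"port range spans {high - low + 1} ports")
    if not rule["description"].strip():
        findings.append("missing description")
    if rule["source_type"] == "IP Address":
        net = ipaddress.ip_network(rule["source"], strict=False)
        if not net.subnet_of(ipaddress.ip_network(vpn_cidr)):
            findings.append(f"source {net} is outside VPN range {vpn_cidr}")
    elif rule["source_type"] == "Tenant":
        if rule["source"] not in allowed_tenants:
            findings.append(f"tenant {rule['source']} not on the approved list")
    return findings

def audit(rules, vpn_cidr="10.8.0.0/24", allowed_tenants=("dev01",)):
    """Map rule index -> findings, keeping only rules that have findings."""
    report = {}
    for i, rule in enumerate(rules):
        findings = audit_rule(rule, vpn_cidr, allowed_tenants)
        if findings:
            report[i] = findings
    return report

if __name__ == "__main__":
    for idx, findings in audit(RULES).items():
        print(RULES[idx]["source"], "->", "; ".join(findings))
```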
To allow access, or create a share, between two Tenants for specific IAM-restricted services, perform this procedure using the Tenant Grants tab.
To establish general non-IAM restricted Cross-tenant access, see the previous section.
You can share access to the following Services between Tenants:
KMS Keys
Ensure that the two Tenants that are sharing resources reside within the same region in the AWS Portal.
In the DuploCloud portal, navigate to Administrator -> Tenants. The Tenants page displays.
From the Name column, select the Tenant with access to the restricted resource that you want to share. In this example, we choose to share resources to which Tenant uat-01 has access.
Click the Grants tab. Select Allow Other Tenants to access TENANT_NAME, where TENANT_NAME is the Tenant you selected.
Click Add. The Grant Cross-Tenant Access pane displays.
From the Requesting Tenant list box, select the Tenant with whom you want to share access. In this example, the Requesting Tenant is demo01.
From the Access to Area list box, select the restricted policy-based resource that you want to share.
Click Create. Your Cross-tenant Access share is created.
In the DuploCloud portal, navigate to Administrator -> Tenants. The Tenants page displays.
From the Name column, select the Tenant whose Cross-tenant grants you want to view. In this example, we select Tenant uat-01.
Click the Grants tab. Select Allow Other Tenants to access TENANT_NAME, where TENANT_NAME is the Tenant you selected.
The resources that TENANT_NAME (uat-01, in this example) has access to are displayed.
Limit a user's access to a Tenant to read-only
Set read-only access for a specific user to temporarily or permanently block the user from making changes to an existing Tenant in the DuploCloud Portal.
In the DuploCloud Portal, navigate to Administrator -> Tenants.
From the Name column, select the Tenant for which you want to limit access by a user.
Click the User Access tab.
Click Add. The Add User Access pane displays.
From the User list box, select the user for whom you want to limit access.
Select Read only Access.
Click Add. The User Access tab displays Yes in the READ ONLY column.
The user you specified now has only read access to the Tenant.
Override Delete Protection in order to delete a Tenant
When DuploCloud is installed, a Delete protection setting is created that prevents you from deleting a Tenant, even if you have Administrator privileges.
In order to override this protection:
In the DuploCloud Portal, navigate to Administrator -> Tenants.
Select the Tenant that you want to delete from the Name column.
Click the Settings tab. Note that the value for the Delete protection setting is True, indicating that Delete protection is enabled.
In the Delete protection row, click the open pane icon. The Update Tenant Feature pane displays.
Select the Enable switch to disable Delete protection for the Tenant.
Click Update. Note that the value of the Delete protection setting is now False.
Navigate back to Administrator -> Tenants and select the Tenant that you want to delete.
From the Actions menu, select Delete. The Tenant is deleted.