Connections
Connect in 5 minutes — no plaintext long-lived keys.
Quickstart
A few clicks in the console — that’s it.
Hit “New connection” and we issue a per-cloud external ID along with the IAM policy you’ll need. Pick Terraform, CloudFormation, or the console click-through to create the least-privilege role.
Providers
Every supported cloud, least-privilege
Cloud-native auth only stored as-is. Key rotation, permission diagnostics, and audit logs are built in.
AWS
STS AssumeRole + external ID
External ID is enforced to reduce confused-deputy risk. Both CUR and FOCUS Export are ingested via the same role.
Azure
Service Principal
Call Cost Management Exports and the Query API through an Entra-registered Service Principal.
GCP
Workload Identity Federation
Impersonate a service account from an external IdP — no keys — and access BigQuery Billing Export.
Naver Cloud
HMAC + Sub Account
Access Cost & Usage / List Price APIs with x-ncp-apigw-signature-v2. Sub Account policy changes are auto-detected.
Vultr
Billing API
Pull from the Billing History and Invoices endpoints with rate-limit-aware backoff.
Diagnostics
Permission diagnostics, rotation
Right after connecting, OneCloud diagnoses missing/recommended permissions and warns on rotation/expiry.