Onboarding cloud accounts

PingOne Privilege enables passwordless, just-in-time (JIT) access to resources across the following infrastructures:

Cloud providers offer numerous predefined roles, many of which Identity and Access Management (IAM) administrators might find overly permissive. PingOne Privilege supports least-privileged access through dynamic roles, where roles are created and deleted on-demand through automation.

Primary supported resources

Cloud	Servers	Databases	Kubernetes Clusters	Cloud CLI	Console Login
AWS	Yes️	Yes️	EKS	AWS CLI	Yes️
Azure	Yes️	Yes️	AKS	Azure CLI	Yes️
GCP	Yes️	Yes️	GKE	gcloud CLI	Yes️

Cloud

Servers

Databases

Kubernetes Clusters

Cloud CLI

Console Login

AWS

Yes️

EKS

AWS CLI

Yes️

Azure

Yes️

AKS

Azure CLI

Yes️

GCP

Yes️

GKE

gcloud CLI

Yes️

Resources available through CLI and assumed roles

Cloud Resources accessible through CLI or assume-role

Cloud	Resources accessible through CLI or `assume-role`
	EC2 Instance EC2 Key Pair EC2 Network Interface EC2 EBS Volume EC2 Security Group EC2 Elastic IP EKS Namespace KMS Key RDS DB Instance S3 Bucket VPC
	AKS Namespace Load Balancer Managed Cluster Microsoft Entra ID MySQL Flexible Server PostgreSQL Flexible Server Resource Group SQL Server SQL Server Database Subscription Virtual Machine
	BigQuery Table Cloud Bigtable Instance Cloud Functions Compute Instance Folder GKE Namespace Organization Project Pub/Sub Topic Service Account SQL Instance Storage Bucket VPC Network

EC2 Instance
EC2 Key Pair
EC2 Network Interface
EC2 EBS Volume
EC2 Security Group
EC2 Elastic IP
EKS Namespace
KMS Key
RDS DB Instance
S3 Bucket
VPC

AKS Namespace
Load Balancer
Managed Cluster
Microsoft Entra ID
MySQL Flexible Server
PostgreSQL Flexible Server
Resource Group
SQL Server
SQL Server Database
Subscription
Virtual Machine

BigQuery Table
Cloud Bigtable Instance
Cloud Functions
Compute Instance
Folder
GKE Namespace
Organization
Project
Pub/Sub Topic
Service Account
SQL Instance
Storage Bucket
VPC Network