DOCUMENTATION

Unified Multi-Cloud Management Platform

Complete user guide for seamless management of your cloud resources across AWS, Azure, and Google Cloud Platform.

Documentation

Introduction

This documentation provides guidance for users of the Unified Multi-Cloud Management Platform developed by Move2Cloud. The platform enables seamless management of cloud resources across Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) from a single intuitive interface.

Designed to reduce operational complexity and improve productivity, it is ideal for teams managing multi-cloud infrastructures.

Key Features

Unified Dashboard

View and manage resources from AWS, Azure, and GCP in one place with intuitive controls and comprehensive visibility.

Delegated Secure Access

Connect cloud accounts using scoped permissions without sharing master credentials, maintaining security best practices.

Resource Management

Provision, monitor, and configure VMs, storage, databases, and networks with advanced controls and automation capabilities.

Cross-Cloud Visibility

Consolidated view of infrastructure across providers with real-time metrics, cost analysis, and performance insights.

Getting Started

1

Account Creation

  1. 1
    Visit m2c-chatbot.io
  2. 2
    Click Sign Up
  3. 3
    Verify your email and complete onboarding
2

Logging In

  1. 1
    Navigate to the Login page
  2. 2
    Enter credentials and complete multi-factor authentication
3

Configuring Granted Permissions

  1. 1
    Go to Dashboard
  2. 2
    In the Sidebar click on Settings → Cloud Integrations
  3. 3
    Our available services for now are just AWS and Azure. Select your desired service to start with and we’ll tell you in the next section how to configure these

Connecting Cloud Accounts

Configure each cloud provider once, then select the provider and account from Cloud Console. Move2Cloud uses these credentials to translate human requests into scoped CLI-style operations.

Security baseline

Use dedicated identities, least-privilege permissions, separated production and sandbox accounts, and short-lived credentials where the provider supports them. Start with read-only permissions, then add write permissions only for the operations users are allowed to run.

Cloud provider setup

Amazon Web Services (AWS)

Allow Move2Cloud to execute AWS CLI operations through delegated or temporary access.

Recommended
Managed IAM role with External ID. Temporary STS credentials and local AWS profiles are available for testing or local agent-core usage.

Setup steps

  1. 1Create an IAM role in the AWS account you want to manage.
  2. 2Add the Move2Cloud principal to the trust policy and require the External ID shown in the Cloud Integration form.
  3. 3Attach a least-privilege policy matching the actions you want to allow, for example read-only inventory, EC2 operations, logs access or billing visibility.
  4. 4Copy the AWS Account ID, Role ARN, External ID and default region into Move2Cloud.
  5. 5Save the account, then validate access before using it in Cloud Console.

Fields in Move2Cloud

  • Connection method
  • Default region
  • AWS Account ID
  • IAM Role ARN or temporary credentials
  • External ID for managed role access

Notes

  • Use IAM roles for production. Avoid storing long-lived access keys.
  • For temporary credentials, paste STS credentials with an expiration date.
  • For local profiles, agent-core must run where the AWS CLI profile is configured.
Cloud provider setup

Microsoft Azure

Connect one or more Azure subscriptions using a service principal.

Recommended
Azure App Registration with a client secret and subscription-level role assignments.

Setup steps

  1. 1Create an App Registration in Microsoft Entra ID.
  2. 2Create a client secret and copy its value immediately.
  3. 3Assign the app a suitable role on each target subscription, resource group or management group.
  4. 4Copy the Client ID, Client Secret and Tenant ID into Move2Cloud.
  5. 5Add the subscriptions and aliases that users should see in the chat account selector.

Fields in Move2Cloud

  • Client ID
  • Client Secret
  • Tenant ID
  • Default location
  • Default resource group
  • Subscription IDs and aliases

Notes

  • Prefer scoped role assignments instead of tenant-wide permissions.
  • Rotate client secrets periodically or move to federated credentials later.
  • Use aliases that are meaningful for non-technical users, such as Production or Sandbox.
Cloud provider setup

Google Cloud Platform (GCP)

Connect a GCP project so Move2Cloud can inspect resources and execute approved gcloud operations.

Recommended
Service account JSON key for the first version. Workload Identity Federation can be added later for enterprise setups.

Setup steps

  1. 1Create a dedicated service account in the target GCP project.
  2. 2Grant the minimum IAM roles required for the operations you want to allow.
  3. 3Generate a JSON key for the service account.
  4. 4Copy the Project ID, service account JSON key, default region and default zone into Move2Cloud.
  5. 5Save the account and test a read-only command before allowing write operations.

Fields in Move2Cloud

  • Project ID
  • Service Account Key JSON
  • Default region
  • Default zone

Notes

  • Avoid using Owner. Start with Viewer plus specific service roles.
  • Store and rotate JSON keys carefully.
  • Use default region and zone to reduce ambiguity in chat commands.
Cloud provider setup

OVHcloud

Connect an OVHcloud Public Cloud project using OVH API credentials.

Recommended
OVH application key, application secret and consumer key scoped to the Public Cloud project.

Setup steps

  1. 1Create or select the Public Cloud project to manage.
  2. 2Generate OVH API credentials for the endpoint matching your account, for example ovh-eu.
  3. 3Scope the consumer key to the APIs required for the project operations.
  4. 4Copy the endpoint, project ID, application key, application secret, consumer key and default region into Move2Cloud.
  5. 5Validate with a read-only project or instance listing command.

Fields in Move2Cloud

  • Endpoint
  • Public Cloud Project ID
  • Default region
  • Application Key
  • Application Secret
  • Consumer Key

Notes

  • Use a dedicated application for Move2Cloud access.
  • Limit API rules to the required project whenever possible.
  • Default regions such as GRA11 help commands like VM creation remain predictable.
Cloud provider setup

Scaleway

Connect a Scaleway project and organization for CLI-style cloud operations.

Recommended
Project-scoped API key with default region and zone.

Setup steps

  1. 1Create an API key from the Scaleway console.
  2. 2Restrict the key to the organization and project you want to expose.
  3. 3Copy the access key, secret key, organization ID and project ID.
  4. 4Set a default region and zone, such as fr-par and fr-par-1.
  5. 5Save the account and run a read-only resource listing first.

Fields in Move2Cloud

  • Access Key
  • Secret Key
  • Organization ID
  • Project ID
  • Default region
  • Default zone

Notes

  • Use project-level scoping to avoid exposing unrelated resources.
  • Create separate accounts in Move2Cloud for production and sandbox projects.
  • Rotate API keys if a user leaves the workspace.
Cloud provider setup

IBM Cloud

Connect IBM Cloud resources through an API key and a resource group.

Recommended
Dedicated IBM Cloud API key with access limited to the target account and resource group.

Setup steps

  1. 1Create a dedicated service ID or user API key in IBM Cloud.
  2. 2Grant access only to the target resource group and services.
  3. 3Copy the API key, account ID, resource group and default region.
  4. 4Save the account in Move2Cloud.
  5. 5Validate access with a resource group or instance listing command.

Fields in Move2Cloud

  • API Key
  • Account ID
  • Resource Group
  • Default region

Notes

  • Resource groups are important because many IBM Cloud commands need a target scope.
  • Prefer service IDs over personal user keys for production.
  • Keep separate API keys for different environments.
Cloud provider setup

Alibaba Cloud

Connect Alibaba Cloud with access keys or a RAM role for managed resource operations.

Recommended
RAM user or RAM role with least-privilege policies and a configured resource group.

Setup steps

  1. 1Create a RAM user or RAM role dedicated to Move2Cloud.
  2. 2Attach policies that match the operations you want to allow.
  3. 3Create access keys for the RAM identity if you are not using a role flow.
  4. 4Copy the Access Key ID, Access Key Secret, optional RAM Role ARN, account ID, resource group ID and default region.
  5. 5Validate with a read-only ECS or resource listing command.

Fields in Move2Cloud

  • Access Key ID
  • Access Key Secret
  • Account ID
  • RAM Role ARN
  • Resource Group ID
  • Default region

Notes

  • Use a RAM role where possible for better control.
  • Resource groups help keep chat commands scoped to the right environment.
  • Use separate identities for production and non-production accounts.
Cloud provider setup

Oracle Cloud Infrastructure (OCI)

Connect OCI using API key authentication and a default compartment.

Recommended
OCI API key pair attached to a user with policies scoped to the target compartment.

Setup steps

  1. 1Create or select an OCI user dedicated to Move2Cloud.
  2. 2Upload the public API key to the OCI user and keep the private key secure.
  3. 3Create IAM policies that grant the required permissions in the target compartment.
  4. 4Copy the tenancy OCID, user OCID, fingerprint, private key, compartment OCID and default region.
  5. 5Save the account and validate with a compartment or instance listing command.

Fields in Move2Cloud

  • Tenancy OCID
  • User OCID
  • Fingerprint
  • Private Key
  • Compartment OCID
  • Default region

Notes

  • The compartment OCID is the main execution scope for OCI commands.
  • Keep the private key encrypted at rest.
  • Use policies scoped to a compartment rather than broad tenancy permissions.

Managing Cloud Resources

Once your cloud accounts are connected, you can manage all your resources from a single dashboard:

View Resources

Get a comprehensive view of all your cloud resources across AWS, Azure, and GCP in a unified dashboard with filtering and search capabilities.

Provision Resources

Create new resources with standardized templates and configurations across all your cloud providers with just a few clicks.

Monitor Performance

Track usage, costs, and performance metrics with real-time dashboards and customizable alerts for all your cloud resources.

Configure Resources

Manage settings, security, and networking configurations for all your cloud resources from a single interface.

Security and Permissions

Move2Cloud follows the Principle of Least Privilege:

  • Delegated Access Only

    We only access resources explicitly delegated via roles/service principals, ensuring your cloud environment remains secure.

  • Comprehensive Audit Logging

    All actions performed through our platform are logged and auditable, providing transparency and accountability.

  • Full Control Retention

    You retain full control to revoke permissions at any time in your cloud accounts, ensuring you always maintain ultimate authority.

Security Best Practices

Regular Permission Reviews

Regularly review and audit the permissions granted to Move2Cloud to ensure they align with your security policies and requirements.

Multi-Factor Authentication

Enable MFA for all users accessing the Move2Cloud platform to add an additional layer of security to your account.

Activity Monitoring

Regularly monitor the activity logs to identify any unusual or unauthorized access patterns or actions.

Secure Credential Storage

All credentials and secrets are encrypted at rest and in transit using industry-standard encryption protocols.

Privacy Policy

How Move2Cloud handles user data

Move2Cloud collects the minimum data required to provide a multi-cloud assistant experience: user identity, workspace configuration, cloud integration metadata, conversation history and usage counters. This information is used to route requests, display the right providers and accounts, keep activity auditable and help users manage their subscription limits.

Account and workspace data

We store the profile, workspace preferences, selected cloud providers, account aliases and billing plan details needed to operate the platform.

Cloud credentials and scopes

Cloud credentials are used only to validate integrations and execute approved operations in the selected account, project, subscription or compartment.

Conversation and usage records

Conversation history, generated commands, provider context and API unit usage help users reopen work, audit activity and understand quota consumption.

User control

  • Users can update account preferences, communication settings and selected cloud environments.
  • Workspace administrators can add, test, rotate or remove cloud accounts from Cloud Accounts.
  • Conversation history can be reviewed and deleted from Recent Conversations.
  • Account deactivation and deletion actions are available from the profile Danger Zone.

Security commitments

  • Use least-privilege cloud permissions and dedicated identities for provider integrations.
  • Protect credentials and secrets at rest and in transit with encryption controls.
  • Keep audit-friendly traces for cloud operations, quota usage and account changes.
  • Never use connected cloud accounts outside the selected workspace context and requested actions.

Frequently Asked Questions

Need answers to common questions?

Visit our dedicated FAQ page for detailed answers to the most frequently asked questions about our Multi-Cloud Management Platform.

Visit FAQ Page

Support and Contact

Email Support

Our support team is available to assist you with any questions or issues you may encounter.

support@move2cloud.com

Website

Visit our website for additional resources, documentation, and support options.

https://move2cloud.com