Cloud Accounts
Connect your cloud provider accounts to OEC.sh to unlock automated server provisioning, backup storage, and DNS management.
Why Connect Cloud Accounts?
Cloud accounts are the foundation of OEC.sh infrastructure management. Once connected, you can:
- Auto-Provision Servers - Create new servers with a few clicks instead of manual SSH setup
- Manage Backups - Use your existing cloud storage (S3, Spaces, R2) for automated backups
- Configure DNS - Automatically manage DNS records for your Odoo domains
- Single Credential - One account can serve multiple purposes (compute + storage + DNS)
Supported Providers
One-Click Connect (OAuth)
These providers support secure OAuth authentication - no API keys to manage:
| Provider | Capabilities | Connection Time |
|---|---|---|
| DigitalOcean | Compute, Storage, DNS | ~30 seconds |
| Microsoft Azure | Compute, Storage, DNS | ~1 minute |
| Google Cloud | Compute, Storage, DNS | ~1 minute |
API Key Authentication
These providers require manual API key entry:
| Provider | Capabilities | Guide |
|---|---|---|
| Amazon Web Services | Compute, Storage, DNS | IAM Access Keys |
| Hetzner Cloud | Compute only* | API Token |
| Vultr | Compute, Storage, DNS | API Key |
| Linode (Akamai) | Compute, Storage, DNS | Personal Access Token |
| Cloudflare | Storage, DNS | API Token |
| Scaleway | Compute, Storage, DNS | Access + Secret Key |
| OVHcloud | Compute, Storage | Application Keys |
Note on Hetzner: Hetzner Cloud and Hetzner DNS Console are separate services with different API tokens. A Hetzner Cloud token only works for servers, not DNS.
Quick Start
Step 1: Navigate to Cloud Accounts
- Log in to app.oec.sh (opens in a new tab)
- Click Settings in the sidebar
- Select Cloud Accounts tab
Step 2: Add Your First Account
For OAuth providers (DigitalOcean, Azure, GCP):
- Click Add Account
- Click on your provider under "One-Click Connect"
- A new tab opens - authorize OEC.sh access
- You're redirected back - account connected!
For API Key providers (AWS, Hetzner, etc.):
- Click Add Account
- Click on your provider under "API Key Authentication"
- Enter your API credentials (follow provider-specific guide)
- Click Add Account to save
Step 3: Verify Connection
After adding an account:
- Status should show Active (green badge)
- Click the refresh icon to re-validate credentials
- If status shows Error or Invalid, check your credentials
Understanding Capabilities
Each cloud account has specific capabilities based on the provider:
Compute
Allows OEC.sh to create and manage virtual servers:
- Provision new servers automatically
- View server specifications and resources
- Manage SSH keys on cloud provider
Storage
Enables backup storage integration:
- Store Odoo backups in provider's object storage
- S3-compatible storage (AWS S3, DigitalOcean Spaces, Cloudflare R2, etc.)
- Automatic backup policies
DNS
Provides automatic DNS record management:
- Create/update A records for Odoo domains
- Manage custom domains for environments
- Automatic SSL certificate provisioning via Traefik
Best Practices
Security
-
Use Least Privilege - Only grant permissions OEC.sh needs
- AWS: Create dedicated IAM user with limited policies
- Azure: Use app registration with minimal roles
- GCP: Service account with specific permissions
-
Rotate Credentials - For API key providers, rotate keys periodically
-
One Account Per Environment - Consider separate accounts for production vs staging
Organization
- Name Accounts Descriptively - Use names like "Production - AWS" or "EU Hetzner"
- Set Default Accounts - Mark one account as default per provider for quick access
- Add Descriptions - Note what each account is used for
Troubleshooting
"Invalid credentials" Error
Possible causes:
- API key was revoked or expired
- OAuth token expired (click "Refresh" to renew)
- Incorrect credentials entered
Solution:
- Verify credentials in your cloud provider console
- For OAuth: Click "Reconnect" to re-authorize
- For API keys: Edit account and enter correct credentials
"Insufficient permissions" Error
Possible causes:
- IAM user/role doesn't have required permissions
- OAuth app wasn't granted all required scopes
- Resource quotas exceeded on cloud provider
Solution:
- Check provider-specific guide for required permissions
- Update IAM policy or re-authorize OAuth with correct scopes
Account Shows "Expired" Status
This happens when OAuth tokens expire and cannot be refreshed.
Solution:
- Click the Reconnect button on the account
- Re-authorize OEC.sh in the popup
- Account will update to "Active"
Cannot Find My Provider
If your preferred provider isn't listed:
- BYOS Alternative: Add any Linux server via SSH (Add Server Guide)
- Feature Request: Contact support to request provider integration
Provider Setup Guides
Choose your provider for detailed step-by-step instructions:
- DigitalOcean - Easiest setup, OAuth
- Amazon Web Services (AWS) - Enterprise, IAM credentials
- Microsoft Azure - Enterprise, OAuth
- Google Cloud Platform (GCP) - Enterprise, OAuth
- Hetzner Cloud - European, great pricing
- Vultr - Global presence
- Linode (Akamai) - Developer-friendly
- Cloudflare - Storage + DNS only
API Reference
For programmatic cloud account management, see the Cloud Accounts API.
# List cloud accounts
GET /api/v1/cloud-accounts
# Create cloud account
POST /api/v1/cloud-accounts
# Validate credentials
POST /api/v1/cloud-accounts/{id}/validate