Customer Admin Reference

Reference for your customer's admin — link to it directly or use as a template for your own customer-facing docs.

What's Happening

Your customer runs a one-time setup to connect their environment. After that, you push updates, monitor the deployment, and manage everything — the customer doesn't need to touch anything.

Their data stays in their environment. You get limited access to manage the deployment, not to read their data.

Deploy to AWS / GCP / Azure

1. Install the Deploy CLI

curl -fsSL <install-url> | bash

2. Set Up Cloud Credentials

# AWS
export AWS_ACCESS_KEY_ID=...
export AWS_SECRET_ACCESS_KEY=...
export AWS_REGION=us-east-1

# GCP
export GOOGLE_APPLICATION_CREDENTIALS=/path/to/key.json

# Azure
export AZURE_CLIENT_ID=...
export AZURE_CLIENT_SECRET=...
export AZURE_TENANT_ID=...

3. Deploy

alien-deploy up \
  --token <your-token> \
  --platform aws \
  --manager-url <server-url>

This creates a scoped IAM role (AWS), service account (GCP), or managed identity (Azure). The role is limited to only the resources the deployment needs.

4. Check Status

alien-deploy status

Managing the Deployment

# Check status
alien-deploy status

# Stop the agent (pull model)
alien-deploy agent stop

# Start the agent
alien-deploy agent start

# Tear down — removes all managed resources
alien-deploy down

# Uninstall the agent system service
alien-deploy agent uninstall

What Gets Created

Security

• Scoped access. Limited role — not root credentials. The role only covers the resources the deployment needs.
• Data stays in the customer's environment. The deployment runs entirely in their infrastructure.
• No inbound networking required. Pull model: outbound HTTPS only. Push model: cloud APIs are called using the scoped role.
• Tear down at any time. alien-deploy down removes all managed resources and revokes access.