Merge branch 'main' into refactor/cloud-integration-modules

cmd/community/server.go

@@ -18,9 +18,12 @@ import (
 	"github.com/SigNoz/signoz/pkg/gateway/noopgateway"
 	"github.com/SigNoz/signoz/pkg/licensing"
 	"github.com/SigNoz/signoz/pkg/licensing/nooplicensing"
+	"github.com/SigNoz/signoz/pkg/modules/cloudintegration"
+	"github.com/SigNoz/signoz/pkg/modules/cloudintegration/implcloudintegration"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
+	"github.com/SigNoz/signoz/pkg/modules/user"
 	"github.com/SigNoz/signoz/pkg/querier"
 	"github.com/SigNoz/signoz/pkg/query-service/app"
 	"github.com/SigNoz/signoz/pkg/queryparser"
@@ -28,6 +31,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/sqlschema"
 	"github.com/SigNoz/signoz/pkg/sqlstore"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types/cloudintegrationtypes"
 	"github.com/SigNoz/signoz/pkg/version"
 	"github.com/SigNoz/signoz/pkg/zeus"
 	"github.com/SigNoz/signoz/pkg/zeus/noopzeus"
@@ -90,6 +94,9 @@ func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) e
 		func(ps factory.ProviderSettings, q querier.Querier, a analytics.Analytics) querier.Handler {
 			return querier.NewHandler(ps, q, a)
 		},
+		func(_ cloudintegrationtypes.Store, _ zeus.Zeus, _ gateway.Gateway, _ licensing.Licensing, _ user.Getter, _ user.Setter) cloudintegration.Module {
+			return implcloudintegration.NewModule()
+		},
 	)
 	if err != nil {
 		logger.ErrorContext(ctx, "failed to create signoz", errors.Attr(err))

cmd/enterprise/server.go

@@ -15,6 +15,7 @@ import (
 	"github.com/SigNoz/signoz/ee/gateway/httpgateway"
 	enterpriselicensing "github.com/SigNoz/signoz/ee/licensing"
 	"github.com/SigNoz/signoz/ee/licensing/httplicensing"
+	"github.com/SigNoz/signoz/ee/modules/cloudintegration/implcloudintegration"
 	"github.com/SigNoz/signoz/ee/modules/dashboard/impldashboard"
 	eequerier "github.com/SigNoz/signoz/ee/querier"
 	enterpriseapp "github.com/SigNoz/signoz/ee/query-service/app"
@@ -29,9 +30,11 @@ import (
 	"github.com/SigNoz/signoz/pkg/factory"
 	"github.com/SigNoz/signoz/pkg/gateway"
 	"github.com/SigNoz/signoz/pkg/licensing"
+	"github.com/SigNoz/signoz/pkg/modules/cloudintegration"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	pkgimpldashboard "github.com/SigNoz/signoz/pkg/modules/dashboard/impldashboard"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
+	"github.com/SigNoz/signoz/pkg/modules/user"
 	"github.com/SigNoz/signoz/pkg/querier"
 	"github.com/SigNoz/signoz/pkg/queryparser"
 	"github.com/SigNoz/signoz/pkg/signoz"
@@ -39,6 +42,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/sqlstore"
 	"github.com/SigNoz/signoz/pkg/sqlstore/sqlstorehook"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types/cloudintegrationtypes"
 	"github.com/SigNoz/signoz/pkg/version"
 	"github.com/SigNoz/signoz/pkg/zeus"
 )
@@ -131,8 +135,10 @@ func runServer(ctx context.Context, config signoz.Config, logger *slog.Logger) e
 			communityHandler := querier.NewHandler(ps, q, a)
 			return eequerier.NewHandler(ps, q, communityHandler)
 		},
+		func(store cloudintegrationtypes.Store, zeus zeus.Zeus, gateway gateway.Gateway, licensing licensing.Licensing, userGetter user.Getter, userSetter user.Setter) cloudintegration.Module {
+			return implcloudintegration.NewModule(store, config.Global, zeus, gateway, licensing, userGetter, userSetter)
+		},
 	)
-
 	if err != nil {
 		logger.ErrorContext(ctx, "failed to create signoz", errors.Attr(err))
 		return err

ee/modules/cloudintegration/implcloudintegration/implcloudprovider/awscloudprovider.go

@@ -0,0 +1,46 @@
+package implcloudprovider
+
+import (
+	"context"
+	"fmt"
+	"net/url"
+
+	"github.com/SigNoz/signoz/pkg/modules/cloudintegration"
+	"github.com/SigNoz/signoz/pkg/types/cloudintegrationtypes"
+)
+
+type awscloudprovider struct{}
+
+func NewAWSCloudProvider() cloudintegration.CloudProviderModule {
+	return &awscloudprovider{}
+}
+
+func (provider *awscloudprovider) GetConnectionArtifact(ctx context.Context, creds *cloudintegrationtypes.SignozCredentials, account *cloudintegrationtypes.Account, req *cloudintegrationtypes.ConnectionArtifactRequest) (*cloudintegrationtypes.ConnectionArtifact, error) {
+	// TODO: get this from config
+	agentVersion := "v0.0.8"
+
+	baseURL := fmt.Sprintf("https://%s.console.aws.amazon.com/cloudformation/home", req.Aws.DeploymentRegion)
+	u, _ := url.Parse(baseURL)
+
+	q := u.Query()
+	q.Set("region", req.Aws.DeploymentRegion)
+	u.Fragment = "/stacks/quickcreate"
+
+	u.RawQuery = q.Encode()
+
+	q = u.Query()
+	q.Set("stackName", "signoz-integration")
+	q.Set("templateURL", fmt.Sprintf("https://signoz-integrations.s3.us-east-1.amazonaws.com/aws-quickcreate-template-%s.json", agentVersion))
+	q.Set("param_SigNozIntegrationAgentVersion", agentVersion)
+	q.Set("param_SigNozApiUrl", creds.SigNozAPIURL)
+	q.Set("param_SigNozApiKey", creds.SigNozAPIKey)
+	q.Set("param_SigNozAccountId", account.ID.StringValue())
+	q.Set("param_IngestionUrl", creds.IngestionURL)
+	q.Set("param_IngestionKey", creds.IngestionKey)
+
+	return &cloudintegrationtypes.ConnectionArtifact{
+		Aws: &cloudintegrationtypes.AWSConnectionArtifact{
+			ConnectionURL: u.String() + "?&" + q.Encode(), // this format is required by AWS
+		},
+	}, nil
+}

ee/modules/cloudintegration/implcloudintegration/implcloudprovider/azurecloudprovider.go

@@ -0,0 +1,18 @@
+package implcloudprovider
+
+import (
+	"context"
+
+	"github.com/SigNoz/signoz/pkg/modules/cloudintegration"
+	"github.com/SigNoz/signoz/pkg/types/cloudintegrationtypes"
+)
+
+type azurecloudprovider struct{}
+
+func NewAzureCloudProvider() cloudintegration.CloudProviderModule {
+	return &azurecloudprovider{}
+}
+
+func (provider *azurecloudprovider) GetConnectionArtifact(ctx context.Context, creds *cloudintegrationtypes.SignozCredentials, account *cloudintegrationtypes.Account, req *cloudintegrationtypes.ConnectionArtifactRequest) (*cloudintegrationtypes.ConnectionArtifact, error) {
+	panic("implement me")
+}

ee/modules/cloudintegration/implcloudintegration/module.go

@@ -0,0 +1,262 @@
+package implcloudintegration
+
+import (
+	"context"
+	"time"
+
+	"github.com/SigNoz/signoz/ee/modules/cloudintegration/implcloudintegration/implcloudprovider"
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/gateway"
+	"github.com/SigNoz/signoz/pkg/global"
+	"github.com/SigNoz/signoz/pkg/licensing"
+	"github.com/SigNoz/signoz/pkg/modules/cloudintegration"
+	"github.com/SigNoz/signoz/pkg/modules/user"
+	"github.com/SigNoz/signoz/pkg/types"
+	"github.com/SigNoz/signoz/pkg/types/cloudintegrationtypes"
+	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
+	"github.com/SigNoz/signoz/pkg/types/zeustypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/SigNoz/signoz/pkg/zeus"
+)
+
+type module struct {
+	userGetter        user.Getter
+	userSetter        user.Setter
+	store             cloudintegrationtypes.Store
+	gateway           gateway.Gateway
+	zeus              zeus.Zeus
+	licensing         licensing.Licensing
+	globalConfig      global.Config
+	cloudProvidersMap map[cloudintegrationtypes.CloudProviderType]cloudintegration.CloudProviderModule
+}
+
+func NewModule(
+	store cloudintegrationtypes.Store,
+	globalConfig global.Config,
+	zeus zeus.Zeus,
+	gateway gateway.Gateway,
+	licensing licensing.Licensing,
+	userGetter user.Getter,
+	userSetter user.Setter,
+) cloudintegration.Module {
+	awsCloudProviderModule := implcloudprovider.NewAWSCloudProvider()
+	azureCloudProviderModule := implcloudprovider.NewAzureCloudProvider()
+	cloudProvidersMap := map[cloudintegrationtypes.CloudProviderType]cloudintegration.CloudProviderModule{
+		cloudintegrationtypes.CloudProviderTypeAWS:   awsCloudProviderModule,
+		cloudintegrationtypes.CloudProviderTypeAzure: azureCloudProviderModule,
+	}
+
+	return &module{
+		store:             store,
+		globalConfig:      globalConfig,
+		zeus:              zeus,
+		gateway:           gateway,
+		licensing:         licensing,
+		userGetter:        userGetter,
+		userSetter:        userSetter,
+		cloudProvidersMap: cloudProvidersMap,
+	}
+}
+
+func (module *module) CreateAccount(ctx context.Context, account *cloudintegrationtypes.Account) error {
+	_, err := module.licensing.GetActive(ctx, account.OrgID)
+	if err != nil {
+		return errors.New(errors.TypeLicenseUnavailable, errors.CodeLicenseUnavailable, "a valid license is not available").WithAdditional("this feature requires a valid license").WithAdditional(err.Error())
+	}
+
+	storableCloudIntegration, err := cloudintegrationtypes.NewStorableCloudIntegration(account)
+	if err != nil {
+		return err
+	}
+
+	return module.store.CreateAccount(ctx, storableCloudIntegration)
+}
+
+func (module *module) GetConnectionArtifact(ctx context.Context, account *cloudintegrationtypes.Account, req *cloudintegrationtypes.ConnectionArtifactRequest) (*cloudintegrationtypes.ConnectionArtifact, error) {
+	// TODO: evaluate if this check is really required and remove if the deployment promises to always have this configured.
+	if module.globalConfig.IngestionURL == nil {
+		return nil, errors.New(errors.TypeInternal, errors.CodeInternal, "ingestion URL is not configured")
+	}
+
+	// get license to get the deployment details
+	license, err := module.licensing.GetActive(ctx, account.OrgID)
+	if err != nil {
+		return nil, err
+	}
+
+	// get deployment details from zeus
+	respBytes, err := module.zeus.GetDeployment(ctx, license.Key)
+	if err != nil {
+		return nil, errors.WrapInternalf(err, errors.CodeInternal, "couldn't get deployment")
+	}
+
+	// parse deployment details
+	deployment, err := zeustypes.NewGettableDeployment(respBytes)
+	if err != nil {
+		return nil, err
+	}
+
+	apiKey, err := module.getOrCreateAPIKey(ctx, account.OrgID, account.Provider)
+	if err != nil {
+		return nil, err
+	}
+
+	ingestionKey, err := module.getOrCreateIngestionKey(ctx, account.OrgID, account.Provider)
+	if err != nil {
+		return nil, err
+	}
+
+	creds := &cloudintegrationtypes.SignozCredentials{
+		SigNozAPIURL: deployment.SignozAPIUrl,
+		SigNozAPIKey: apiKey,
+		IngestionURL: module.globalConfig.IngestionURL.String(),
+		IngestionKey: ingestionKey,
+	}
+
+	cloudProviderModule, err := module.GetCloudProvider(account.Provider)
+	if err != nil {
+		return nil, err
+	}
+
+	return cloudProviderModule.GetConnectionArtifact(ctx, creds, account, req)
+}
+
+func (module *module) GetAccount(ctx context.Context, orgID valuer.UUID, accountID valuer.UUID, provider cloudintegrationtypes.CloudProviderType) (*cloudintegrationtypes.Account, error) {
+	panic("unimplemented")
+}
+
+func (module *module) AgentCheckIn(ctx context.Context, orgID valuer.UUID, provider cloudintegrationtypes.CloudProviderType, req *cloudintegrationtypes.AgentCheckInRequest) (*cloudintegrationtypes.AgentCheckInResponse, error) {
+	panic("unimplemented")
+}
+
+func (module *module) CreateService(ctx context.Context, orgID valuer.UUID, service *cloudintegrationtypes.CloudIntegrationService) error {
+	panic("unimplemented")
+}
+
+func (module *module) DisconnectAccount(ctx context.Context, orgID valuer.UUID, accountID valuer.UUID, provider cloudintegrationtypes.CloudProviderType) error {
+	panic("unimplemented")
+}
+
+func (module *module) GetDashboardByID(ctx context.Context, orgID valuer.UUID, id string) (*dashboardtypes.Dashboard, error) {
+	panic("unimplemented")
+}
+
+func (module *module) GetService(ctx context.Context, orgID valuer.UUID, integrationID *valuer.UUID, serviceID string) (*cloudintegrationtypes.Service, error) {
+	panic("unimplemented")
+}
+
+func (module *module) ListAccounts(ctx context.Context, orgID valuer.UUID, provider cloudintegrationtypes.CloudProviderType) ([]*cloudintegrationtypes.Account, error) {
+	panic("unimplemented")
+}
+
+func (module *module) ListDashboards(ctx context.Context, orgID valuer.UUID) ([]*dashboardtypes.Dashboard, error) {
+	panic("unimplemented")
+}
+
+func (module *module) ListServicesMetadata(ctx context.Context, orgID valuer.UUID, integrationID *valuer.UUID) ([]*cloudintegrationtypes.ServiceMetadata, error) {
+	panic("unimplemented")
+}
+
+func (module *module) UpdateAccount(ctx context.Context, account *cloudintegrationtypes.Account) error {
+	panic("unimplemented")
+}
+
+func (module *module) UpdateService(ctx context.Context, orgID valuer.UUID, service *cloudintegrationtypes.CloudIntegrationService) error {
+	panic("unimplemented")
+}
+
+func (m *module) GetCloudProvider(provider cloudintegrationtypes.CloudProviderType) (cloudintegration.CloudProviderModule, error) {
+	if cloudProviderModule, ok := m.cloudProvidersMap[provider]; ok {
+		return cloudProviderModule, nil
+	}
+
+	return nil, errors.New(errors.TypeUnsupported, cloudintegrationtypes.ErrCodeUnsupported, "cloud provider is not supported")
+}
+
+func (module *module) getOrCreateIngestionKey(ctx context.Context, orgID valuer.UUID, provider cloudintegrationtypes.CloudProviderType) (string, error) {
+	keyName := cloudintegrationtypes.NewIngestionKeyName(provider)
+
+	result, err := module.gateway.SearchIngestionKeysByName(ctx, orgID, keyName, 1, 10)
+	if err != nil {
+		return "", errors.WrapInternalf(err, errors.CodeInternal, "couldn't search ingestion keys")
+	}
+
+	for _, k := range result.Keys {
+		if k.Name == keyName {
+			return k.Value, nil
+		}
+	}
+
+	created, err := module.gateway.CreateIngestionKey(ctx, orgID, keyName, []string{"integration"}, time.Time{})
+	if err != nil {
+		return "", errors.WrapInternalf(err, errors.CodeInternal, "couldn't create ingestion key")
+	}
+
+	return created.Value, nil
+}
+
+func (module *module) getOrCreateAPIKey(ctx context.Context, orgID valuer.UUID, provider cloudintegrationtypes.CloudProviderType) (string, error) {
+	integrationUser, err := module.getOrCreateIntegrationUser(ctx, orgID, provider)
+	if err != nil {
+		return "", err
+	}
+
+	existingKeys, err := module.userSetter.ListAPIKeys(ctx, orgID)
+	if err != nil {
+		return "", err
+	}
+
+	keyName := cloudintegrationtypes.NewAPIKeyName(provider)
+
+	for _, key := range existingKeys {
+		if key.Name == keyName && key.UserID == integrationUser.ID {
+			return key.Token, nil
+		}
+	}
+
+	apiKey, err := types.NewStorableAPIKey(keyName, integrationUser.ID, types.RoleViewer, 0)
+	if err != nil {
+		return "", err
+	}
+
+	err = module.userSetter.CreateAPIKey(ctx, apiKey)
+	if err != nil {
+		return "", err
+	}
+
+	return apiKey.Token, nil
+}
+
+func (module *module) getOrCreateIntegrationUser(ctx context.Context, orgID valuer.UUID, provider cloudintegrationtypes.CloudProviderType) (*types.User, error) {
+	email, err := cloudintegrationtypes.GetCloudProviderEmail(provider)
+	if err != nil {
+		return nil, err
+	}
+
+	// get user by email
+	integrationUser, err := module.userGetter.GetNonDeletedUserByEmailAndOrgID(ctx, email, orgID)
+	if err != nil && !errors.Ast(err, errors.TypeNotFound) {
+		return nil, err
+	}
+
+	// if user found, return
+	if integrationUser != nil {
+		return integrationUser, nil
+	}
+
+	// if user not found, create a new one
+	displayName := cloudintegrationtypes.NewIntegrationUserDisplayName(provider)
+	integrationUser, err = types.NewUser(displayName, email, orgID, types.UserStatusActive)
+	if err != nil {
+		return nil, err
+	}
+
+	password := types.MustGenerateFactorPassword(integrationUser.ID.String())
+
+	err = module.userSetter.CreateUser(ctx, integrationUser, user.WithFactorPassword(password))
+	if err != nil {
+		return nil, err
+	}
+
+	return integrationUser, nil
+}

pkg/modules/cloudintegration/cloudintegration.go

@@ -13,16 +13,16 @@ type Module interface {
 	CreateAccount(ctx context.Context, account *citypes.Account) error
 
 	// GetAccount returns cloud integration account
-	GetAccount(ctx context.Context, orgID, accountID valuer.UUID) (*citypes.Account, error)
+	GetAccount(ctx context.Context, orgID, accountID valuer.UUID, provider citypes.CloudProviderType) (*citypes.Account, error)
 
 	// ListAccounts lists accounts where agent is connected
-	ListAccounts(ctx context.Context, orgID valuer.UUID) ([]*citypes.Account, error)
+	ListAccounts(ctx context.Context, orgID valuer.UUID, provider citypes.CloudProviderType) ([]*citypes.Account, error)
 
 	// UpdateAccount updates the cloud integration account for a specific organization.
 	UpdateAccount(ctx context.Context, account *citypes.Account) error
 
 	// DisconnectAccount soft deletes/removes a cloud integration account.
-	DisconnectAccount(ctx context.Context, orgID, accountID valuer.UUID) error
+	DisconnectAccount(ctx context.Context, orgID, accountID valuer.UUID, provider citypes.CloudProviderType) error
 
 	// GetConnectionArtifact returns cloud provider specific connection information,
 	// client side handles how this information is shown
@@ -36,11 +36,14 @@ type Module interface {
 	// other details required to show in service details page on web client.
 	GetService(ctx context.Context, orgID valuer.UUID, integrationID *valuer.UUID, serviceID string) (*citypes.Service, error)
 
+	// CreateService creates a new service for a cloud integration account.
+	CreateService(ctx context.Context, orgID valuer.UUID, service *citypes.CloudIntegrationService) error
+
 	// UpdateService updates cloud integration service
 	UpdateService(ctx context.Context, orgID valuer.UUID, service *citypes.CloudIntegrationService) error
 
 	// AgentCheckIn is called by agent to heartbeat and get latest config in response.
-	AgentCheckIn(ctx context.Context, orgID valuer.UUID, req *citypes.AgentCheckInRequest) (*citypes.AgentCheckInResponse, error)
+	AgentCheckIn(ctx context.Context, orgID valuer.UUID, provider citypes.CloudProviderType, req *citypes.AgentCheckInRequest) (*citypes.AgentCheckInResponse, error)
 
 	// GetDashboardByID returns dashboard JSON for a given dashboard id.
 	// this only returns the dashboard when the service (embedded in dashboard id) is enabled
@@ -50,6 +53,13 @@ type Module interface {
 	// ListDashboards returns list of dashboards across all connected cloud integration accounts
 	// for enabled services in the org. This list gets added to dashboard list page
 	ListDashboards(ctx context.Context, orgID valuer.UUID) ([]*dashboardtypes.Dashboard, error)
+
+	// GetCloudProvider returns cloud provider specific module
+	GetCloudProvider(provider citypes.CloudProviderType) (CloudProviderModule, error)
+}
+
+type CloudProviderModule interface {
+	GetConnectionArtifact(ctx context.Context, creds *citypes.SignozCredentials, account *citypes.Account, req *citypes.ConnectionArtifactRequest) (*citypes.ConnectionArtifact, error)
 }
 
 type Handler interface {

pkg/modules/cloudintegration/implcloudintegration/handler.go

@@ -1,20 +1,83 @@
 package implcloudintegration
 
 import (
+	"context"
 	"net/http"
+	"time"
 
+	"github.com/SigNoz/signoz/pkg/http/binding"
+	"github.com/SigNoz/signoz/pkg/http/render"
 	"github.com/SigNoz/signoz/pkg/modules/cloudintegration"
+	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types/cloudintegrationtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+	"github.com/gorilla/mux"
 )
 
-type handler struct{}
-
-func NewHandler() cloudintegration.Handler {
-	return &handler{}
+type handler struct {
+	module cloudintegration.Module
 }
 
-func (handler *handler) CreateAccount(writer http.ResponseWriter, request *http.Request) {
-	// TODO implement me
-	panic("implement me")
+func NewHandler(module cloudintegration.Module) cloudintegration.Handler {
+	return &handler{
+		module: module,
+	}
+}
+
+func (handler *handler) CreateAccount(rw http.ResponseWriter, r *http.Request) {
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	claims, err := authtypes.ClaimsFromContext(ctx)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	providerString := mux.Vars(r)["cloud_provider"]
+	provider, err := cloudintegrationtypes.NewCloudProvider(providerString)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	postableConnectionArtifact := new(cloudintegrationtypes.PostableConnectionArtifact)
+
+	err = binding.JSON.BindBody(r.Body, postableConnectionArtifact)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	accountConfig, err := cloudintegrationtypes.NewAccountConfigFromPostableArtifact(provider, postableConnectionArtifact)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	account := cloudintegrationtypes.NewAccount(valuer.MustNewUUID(claims.OrgID), provider, accountConfig)
+	err = handler.module.CreateAccount(ctx, account)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	connectionArtifactRequest, err := cloudintegrationtypes.NewArtifactRequestFromPostableArtifact(provider, postableConnectionArtifact)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	connectionArtifact, err := handler.module.GetConnectionArtifact(ctx, account, connectionArtifactRequest)
+	if err != nil {
+		render.Error(rw, err)
+		return
+	}
+
+	render.Success(rw, http.StatusOK, cloudintegrationtypes.GettableAccountWithArtifact{
+		ID:       account.ID,
+		Artifact: connectionArtifact,
+	})
 }
 
 func (handler *handler) ListAccounts(writer http.ResponseWriter, request *http.Request) {

pkg/modules/cloudintegration/implcloudintegration/module.go

@@ -0,0 +1,73 @@
+package implcloudintegration
+
+import (
+	"context"
+
+	"github.com/SigNoz/signoz/pkg/errors"
+	"github.com/SigNoz/signoz/pkg/modules/cloudintegration"
+	"github.com/SigNoz/signoz/pkg/types/cloudintegrationtypes"
+	"github.com/SigNoz/signoz/pkg/types/dashboardtypes"
+	"github.com/SigNoz/signoz/pkg/valuer"
+)
+
+type module struct{}
+
+func NewModule() cloudintegration.Module {
+	return &module{}
+}
+
+func (m *module) CreateAccount(ctx context.Context, account *cloudintegrationtypes.Account) error {
+	return errors.New(errors.TypeUnsupported, cloudintegrationtypes.ErrCodeUnsupported, "create account is not supported")
+}
+
+func (m *module) GetAccount(ctx context.Context, orgID valuer.UUID, accountID valuer.UUID, provider cloudintegrationtypes.CloudProviderType) (*cloudintegrationtypes.Account, error) {
+	return nil, errors.New(errors.TypeUnsupported, cloudintegrationtypes.ErrCodeUnsupported, "get account is not supported")
+}
+
+func (m *module) ListAccounts(ctx context.Context, orgID valuer.UUID, provider cloudintegrationtypes.CloudProviderType) ([]*cloudintegrationtypes.Account, error) {
+	return nil, errors.New(errors.TypeUnsupported, cloudintegrationtypes.ErrCodeUnsupported, "list accounts is not supported")
+}
+
+func (m *module) UpdateAccount(ctx context.Context, account *cloudintegrationtypes.Account) error {
+	return errors.New(errors.TypeUnsupported, cloudintegrationtypes.ErrCodeUnsupported, "update account is not supported")
+}
+
+func (m *module) DisconnectAccount(ctx context.Context, orgID valuer.UUID, accountID valuer.UUID, provider cloudintegrationtypes.CloudProviderType) error {
+	return errors.New(errors.TypeUnsupported, cloudintegrationtypes.ErrCodeUnsupported, "disconnect account is not supported")
+}
+
+func (m *module) CreateService(ctx context.Context, orgID valuer.UUID, service *cloudintegrationtypes.CloudIntegrationService) error {
+	return errors.New(errors.TypeUnsupported, cloudintegrationtypes.ErrCodeUnsupported, "create service is not supported")
+}
+
+func (m *module) GetService(ctx context.Context, orgID valuer.UUID, integrationID *valuer.UUID, serviceID string) (*cloudintegrationtypes.Service, error) {
+	return nil, errors.New(errors.TypeUnsupported, cloudintegrationtypes.ErrCodeUnsupported, "get service is not supported")
+}
+
+func (m *module) ListServicesMetadata(ctx context.Context, orgID valuer.UUID, integrationID *valuer.UUID) ([]*cloudintegrationtypes.ServiceMetadata, error) {
+	return nil, errors.New(errors.TypeUnsupported, cloudintegrationtypes.ErrCodeUnsupported, "list services metadata is not supported")
+}
+
+func (m *module) UpdateService(ctx context.Context, orgID valuer.UUID, service *cloudintegrationtypes.CloudIntegrationService) error {
+	return errors.New(errors.TypeUnsupported, cloudintegrationtypes.ErrCodeUnsupported, "update service is not supported")
+}
+
+func (m *module) GetConnectionArtifact(ctx context.Context, account *cloudintegrationtypes.Account, req *cloudintegrationtypes.ConnectionArtifactRequest) (*cloudintegrationtypes.ConnectionArtifact, error) {
+	return nil, errors.New(errors.TypeUnsupported, cloudintegrationtypes.ErrCodeUnsupported, "get connection artifact is not supported")
+}
+
+func (m *module) AgentCheckIn(ctx context.Context, orgID valuer.UUID, provider cloudintegrationtypes.CloudProviderType, req *cloudintegrationtypes.AgentCheckInRequest) (*cloudintegrationtypes.AgentCheckInResponse, error) {
+	return nil, errors.New(errors.TypeUnsupported, cloudintegrationtypes.ErrCodeUnsupported, "agent check-in is not supported")
+}
+
+func (m *module) GetDashboardByID(ctx context.Context, orgID valuer.UUID, id string) (*dashboardtypes.Dashboard, error) {
+	return nil, errors.New(errors.TypeUnsupported, cloudintegrationtypes.ErrCodeUnsupported, "get dashboard by ID is not supported")
+}
+
+func (m *module) ListDashboards(ctx context.Context, orgID valuer.UUID) ([]*dashboardtypes.Dashboard, error) {
+	return nil, errors.New(errors.TypeUnsupported, cloudintegrationtypes.ErrCodeUnsupported, "list dashboards is not supported")
+}
+
+func (m *module) GetCloudProvider(provider cloudintegrationtypes.CloudProviderType) (cloudintegration.CloudProviderModule, error) {
+	panic("unimplemented")
+}

pkg/modules/cloudintegration/implcloudintegration/store.go

@@ -172,3 +172,9 @@ func (store *store) UpdateService(ctx context.Context, service *cloudintegration
 		Exec(ctx)
 	return err
 }
+
+func (store *store) RunInTx(ctx context.Context, cb func(ctx context.Context) error) error {
+	return store.store.RunInTxCtx(ctx, nil, func(ctx context.Context) error {
+		return cb(ctx)
+	})
+}

pkg/signoz/handler.go

@@ -94,6 +94,6 @@ func NewHandlers(
 		QuerierHandler:          querierHandler,
 		ServiceAccountHandler:   implserviceaccount.NewHandler(modules.ServiceAccount),
 		RegistryHandler:         registryHandler,
-		CloudIntegrationHandler: implcloudintegration.NewHandler(),
+		CloudIntegrationHandler: implcloudintegration.NewHandler(modules.CloudIntegration),
 	}
 }

pkg/signoz/module.go

@@ -12,6 +12,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/modules/apdex/implapdex"
 	"github.com/SigNoz/signoz/pkg/modules/authdomain"
 	"github.com/SigNoz/signoz/pkg/modules/authdomain/implauthdomain"
+	"github.com/SigNoz/signoz/pkg/modules/cloudintegration"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	"github.com/SigNoz/signoz/pkg/modules/metricsexplorer"
 	"github.com/SigNoz/signoz/pkg/modules/metricsexplorer/implmetricsexplorer"
@@ -51,24 +52,25 @@ import (
 )
 
 type Modules struct {
-	OrgGetter       organization.Getter
-	OrgSetter       organization.Setter
-	Preference      preference.Module
-	UserSetter      user.Setter
-	UserGetter      user.Getter
-	SavedView       savedview.Module
-	Apdex           apdex.Module
-	Dashboard       dashboard.Module
-	QuickFilter     quickfilter.Module
-	TraceFunnel     tracefunnel.Module
-	RawDataExport   rawdataexport.Module
-	AuthDomain      authdomain.Module
-	Session         session.Module
-	Services        services.Module
-	SpanPercentile  spanpercentile.Module
-	MetricsExplorer metricsexplorer.Module
-	Promote         promote.Module
-	ServiceAccount  serviceaccount.Module
+	OrgGetter        organization.Getter
+	OrgSetter        organization.Setter
+	Preference       preference.Module
+	UserSetter       user.Setter
+	UserGetter       user.Getter
+	SavedView        savedview.Module
+	Apdex            apdex.Module
+	Dashboard        dashboard.Module
+	QuickFilter      quickfilter.Module
+	TraceFunnel      tracefunnel.Module
+	RawDataExport    rawdataexport.Module
+	AuthDomain       authdomain.Module
+	Session          session.Module
+	Services         services.Module
+	SpanPercentile   spanpercentile.Module
+	MetricsExplorer  metricsexplorer.Module
+	Promote          promote.Module
+	ServiceAccount   serviceaccount.Module
+	CloudIntegration cloudintegration.Module
 }
 
 func NewModules(
@@ -117,3 +119,12 @@ func NewModules(
 		ServiceAccount:  implserviceaccount.NewModule(implserviceaccount.NewStore(sqlstore), authz, emailing, providerSettings),
 	}
 }
+
+// SetCloudIntegrationModule sets cloud integration module in Modules
+// TODO: find a better way to set the module,
+// why this was done: cloud integration depends on few modules like userSetter which are initialized in NewModules and other deps like zeus/gateway is not present
+// cloud integration is initialized via callback depending on flavor of Signoz ee/community
+func (modules Modules) SetCloudIntegrationModule(module cloudintegration.Module) Modules {
+	modules.CloudIntegration = module
+	return modules
+}

pkg/signoz/signoz.go

@@ -20,9 +20,12 @@ import (
 	"github.com/SigNoz/signoz/pkg/identn"
 	"github.com/SigNoz/signoz/pkg/instrumentation"
 	"github.com/SigNoz/signoz/pkg/licensing"
+	"github.com/SigNoz/signoz/pkg/modules/cloudintegration"
+	pkgimplcloudintegration "github.com/SigNoz/signoz/pkg/modules/cloudintegration/implcloudintegration"
 	"github.com/SigNoz/signoz/pkg/modules/dashboard"
 	"github.com/SigNoz/signoz/pkg/modules/organization"
 	"github.com/SigNoz/signoz/pkg/modules/organization/implorganization"
+	"github.com/SigNoz/signoz/pkg/modules/user"
 	"github.com/SigNoz/signoz/pkg/modules/user/impluser"
 	"github.com/SigNoz/signoz/pkg/prometheus"
 	"github.com/SigNoz/signoz/pkg/querier"
@@ -41,6 +44,7 @@ import (
 	"github.com/SigNoz/signoz/pkg/telemetrytraces"
 	pkgtokenizer "github.com/SigNoz/signoz/pkg/tokenizer"
 	"github.com/SigNoz/signoz/pkg/types/authtypes"
+	"github.com/SigNoz/signoz/pkg/types/cloudintegrationtypes"
 	"github.com/SigNoz/signoz/pkg/types/telemetrytypes"
 	"github.com/SigNoz/signoz/pkg/version"
 	"github.com/SigNoz/signoz/pkg/zeus"
@@ -94,6 +98,7 @@ func New(
 	dashboardModuleCallback func(sqlstore.SQLStore, factory.ProviderSettings, analytics.Analytics, organization.Getter, queryparser.QueryParser, querier.Querier, licensing.Licensing) dashboard.Module,
 	gatewayProviderFactory func(licensing.Licensing) factory.ProviderFactory[gateway.Gateway, gateway.Config],
 	querierHandlerCallback func(factory.ProviderSettings, querier.Querier, analytics.Analytics) querier.Handler,
+	cloudIntegrationCallback func(cloudintegrationtypes.Store, zeus.Zeus, gateway.Gateway, licensing.Licensing, user.Getter, user.Setter) cloudintegration.Module,
 ) (*SigNoz, error) {
 	// Initialize instrumentation
 	instrumentation, err := instrumentation.New(ctx, config.Instrumentation, version.Info, "signoz")
@@ -410,6 +415,10 @@ func New(
 	// Initialize all modules
 	modules := NewModules(sqlstore, tokenizer, emailing, providerSettings, orgGetter, alertmanager, analytics, querier, telemetrystore, telemetryMetadataStore, authNs, authz, cache, queryParser, config, dashboard, userGetter, userRoleStore)
 
+	cloudIntegrationStore := pkgimplcloudintegration.NewStore(sqlstore)
+	cloudIntegrationModule := cloudIntegrationCallback(cloudIntegrationStore, zeus, gateway, licensing, userGetter, modules.UserSetter)
+	modules = modules.SetCloudIntegrationModule(cloudIntegrationModule)
+
 	// Initialize identN resolver
 	identNFactories := NewIdentNProviderFactories(sqlstore, tokenizer, orgGetter, userGetter, config.User)
 	identNResolver, err := identn.NewIdentNResolver(ctx, providerSettings, config.IdentN, identNFactories)

pkg/types/cloudintegrationtypes/account.go

@@ -1,8 +1,10 @@
 package cloudintegrationtypes
 
 import (
+	"encoding/json"
 	"time"
 
+	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/types"
 	"github.com/SigNoz/signoz/pkg/valuer"
 )
@@ -42,3 +44,61 @@ type UpdatableAccount struct {
 type AWSAccountConfig struct {
 	Regions []string `json:"regions" required:"true" nullable:"false"`
 }
+
+func NewAccount(orgID valuer.UUID, provider CloudProviderType, config *AccountConfig) *Account {
+	return &Account{
+		Identifiable: types.Identifiable{
+			ID: valuer.GenerateUUID(),
+		},
+		TimeAuditable: types.TimeAuditable{
+			CreatedAt: time.Now(),
+			UpdatedAt: time.Now(),
+		},
+		OrgID:    orgID,
+		Provider: provider,
+		Config:   config,
+	}
+}
+
+func NewAccountConfigFromPostableArtifact(provider CloudProviderType, artifact *PostableConnectionArtifact) (*AccountConfig, error) {
+	switch provider {
+	case CloudProviderTypeAWS:
+		if artifact.Aws == nil {
+			return nil, errors.NewInternalf(errors.CodeInternal, "AWS artifact is nil")
+		}
+		return &AccountConfig{
+			AWS: &AWSAccountConfig{
+				Regions: artifact.Aws.Regions,
+			},
+		}, nil
+	}
+
+	return nil, errors.NewInternalf(errors.CodeInternal, "unsupported provider type")
+}
+
+func NewArtifactRequestFromPostableArtifact(provider CloudProviderType, artifact *PostableConnectionArtifact) (*ConnectionArtifactRequest, error) {
+	switch provider {
+	case CloudProviderTypeAWS:
+		if artifact.Aws == nil {
+			return nil, errors.NewInternalf(errors.CodeInternal, "AWS artifact is nil")
+		}
+		return &ConnectionArtifactRequest{
+			Aws: &AWSConnectionArtifactRequest{
+				DeploymentRegion: artifact.Aws.DeploymentRegion,
+				Regions:          artifact.Aws.Regions,
+			},
+		}, nil
+	}
+
+	return nil, errors.NewInternalf(errors.CodeInternal, "unsupported provider type")
+}
+
+// MarshalJSON return JSON bytes for the account config
+// NOTE: this entertains first non-null provider's config
+func (config *AccountConfig) MarshalJSON() ([]byte, error) {
+	if config.AWS != nil {
+		return json.Marshal(config.AWS)
+	}
+
+	return nil, errors.NewInternalf(errors.CodeInternal, "no provider account config found")
+}

pkg/types/cloudintegrationtypes/cloudintegration.go

@@ -13,6 +13,7 @@ import (
 )
 
 var (
+	ErrCodeUnsupported                          = errors.MustNewCode("cloud_integration_unsupported")
 	ErrCodeCloudIntegrationNotFound             = errors.MustNewCode("cloud_integration_not_found")
 	ErrCodeCloudIntegrationAlreadyExists        = errors.MustNewCode("cloud_integration_already_exists")
 	ErrCodeCloudIntegrationServiceNotFound      = errors.MustNewCode("cloud_integration_service_not_found")
@@ -81,3 +82,19 @@ func (r *StorableAgentReport) Value() (driver.Value, error) {
 	// Return as string instead of []byte to ensure PostgreSQL stores as text, not bytes
 	return string(serialized), nil
 }
+
+func NewStorableCloudIntegration(account *Account) (*StorableCloudIntegration, error) {
+	configBytes, err := account.Config.MarshalJSON()
+	if err != nil {
+		return nil, err
+	}
+
+	return &StorableCloudIntegration{
+		Identifiable:  account.Identifiable,
+		TimeAuditable: account.TimeAuditable,
+		Provider:      account.Provider,
+		Config:        string(configBytes),
+		AccountID:     nil, // updated during agent check in
+		OrgID:         account.OrgID,
+	}, nil
+}

pkg/types/cloudintegrationtypes/cloudprovider.go

@@ -1,6 +1,8 @@
 package cloudintegrationtypes
 
 import (
+	"fmt"
+
 	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/SigNoz/signoz/pkg/valuer"
 )
@@ -39,3 +41,29 @@ func NewCloudProvider(provider string) (CloudProviderType, error) {
 		return CloudProviderType{}, errors.NewInvalidInputf(ErrCodeCloudProviderInvalidInput, "invalid cloud provider: %s", provider)
 	}
 }
+
+func GetCloudProviderEmail(provider CloudProviderType) (valuer.Email, error) {
+	switch provider {
+	case CloudProviderTypeAWS:
+		return AWSIntegrationUserEmail, nil
+	case CloudProviderTypeAzure:
+		return AzureIntegrationUserEmail, nil
+	default:
+		return valuer.Email{}, errors.NewInvalidInputf(ErrCodeCloudProviderInvalidInput, "invalid cloud provider: %s", provider.StringValue())
+	}
+}
+
+func NewIngestionKeyName(provider CloudProviderType) string {
+	return fmt.Sprintf("%s-integration", provider.StringValue())
+}
+
+func NewIntegrationUserDisplayName(provider CloudProviderType) string {
+	return fmt.Sprintf("%s-integration", provider.StringValue())
+}
+
+// NewAPIKeyName returns API key name for cloud integration provider
+// TODO: figure out way to migrate API keys to have similar naming convention as ingestion key
+// ie. "{cloud-provider}-integration", and then remove this function.
+func NewAPIKeyName(provider CloudProviderType) string {
+	return fmt.Sprintf("%s integration", provider.StringValue())
+}

pkg/types/cloudintegrationtypes/connection.go

@@ -79,3 +79,10 @@ type AWSIntegrationConfig struct {
 	EnabledRegions []string               `json:"enabledRegions" required:"true" nullable:"false"`
 	Telemetry      *AWSCollectionStrategy `json:"telemetry" required:"true" nullable:"false"`
 }
+
+type SignozCredentials struct {
+	SigNozAPIURL string
+	SigNozAPIKey string // PAT
+	IngestionURL string
+	IngestionKey string
+}

pkg/types/cloudintegrationtypes/store.go

@@ -38,4 +38,6 @@ type Store interface {
 
 	// UpdateService updates an existing cloud integration service
 	UpdateService(ctx context.Context, service *StorableCloudIntegrationService) error
+
+	RunInTx(context.Context, func(ctx context.Context) error) error
 }

pkg/types/zeustypes/types.go

@@ -1,8 +1,10 @@
 package zeustypes
 
 import (
+	"fmt"
 	"net/url"
 
+	"github.com/SigNoz/signoz/pkg/errors"
 	"github.com/tidwall/gjson"
 )
 
@@ -56,3 +58,24 @@ func NewGettableHost(data []byte) *GettableHost {
 		Hosts: hosts,
 	}
 }
+
+// GettableDeployment represents the parsed deployment info from zeus.GetDeployment.
+type GettableDeployment struct {
+	Name         string
+	SignozAPIUrl string
+}
+
+// NewGettableDeployment parses raw GetDeployment bytes into a GettableDeployment.
+func NewGettableDeployment(data []byte) (*GettableDeployment, error) {
+	parsed := gjson.ParseBytes(data)
+	name := parsed.Get("name").String()
+	dns := parsed.Get("cluster.region.dns").String()
+	if name == "" || dns == "" {
+		return nil, errors.NewInternalf(errors.CodeInternal,
+			"deployment info response missing name or cluster region dns")
+	}
+	return &GettableDeployment{
+		Name:         name,
+		SignozAPIUrl: fmt.Sprintf("https://%s.%s", name, dns),
+	}, nil
+}