Resource Browser
Resource Browser
Beyond Kubernetes, Cloud Ops provides resource listing operations across AWS, GCP, and Azure. List EC2 instances, S3 buckets, Compute Engine VMs, Cloud Storage buckets, Azure VMs, and Blob Storage containers β all from the Planton CLI, all routed through the secure tunnel without distributing cloud console credentials.
Why It Matters
Infrastructure administrators typically need to check resource state across multiple cloud accounts and providers β a quick look at which EC2 instances are running, how many storage buckets exist, or whether Azure VMs are healthy. Without Cloud Ops, this means switching between three cloud consoles, each with their own credentials and IAM policies.
Cloud Ops collapses this into a single CLI interface. The credentials stay in customer infrastructure (on the Planton Runner), and the administrator's access is controlled through Planton's connection authorization model rather than per-provider IAM.
AWS Operations
List EC2 Instances
List EC2 instances with optional filters:
planton aws ec2 describe-instances --connection aws-prod --region us-east-1
The describe-instances command (also aliased as ls) accepts the following flags:
| Flag | Required | Default | Description |
|---|---|---|---|
--region | Yes | β | AWS region to query |
--connection | No | β | AWS connection slug (uses default if empty) |
--env | No | β | Environment slug for default connection resolution |
--instance-ids | No | β | Specific instance IDs to describe |
--filters | No | β | Filter expressions in Name=value format |
--output | No | table | Output format: table, json, yaml |
Filter examples:
# List only running instances
planton aws ec2 ls --connection aws-prod --region us-east-1 \
--filters "instance-state-name=running"
# Filter by instance type
planton aws ec2 ls --connection aws-prod --region us-west-2 \
--filters "instance-type=t3.medium"
List S3 Buckets
List all S3 buckets accessible through a connection:
planton aws s3 ls --connection aws-prod
| Flag | Required | Default | Description |
|---|---|---|---|
--connection | No | β | AWS connection slug (uses default if empty) |
--env | No | β | Environment slug for default connection resolution |
--region | No | β | AWS region for SDK client initialization |
--output | No | table | Output format: table, json, yaml |
GCP Operations
The GCP commands use planton gcp (or the alias planton gcloud).
List Compute Engine Instances
List VM instances in a project:
planton gcp compute instances list --connection gcp-prod --project my-gcp-project
The list command (also aliased as ls) accepts the following flags:
| Flag | Required | Default | Description |
|---|---|---|---|
--project | Yes | β | GCP project ID |
--connection | No | β | GCP connection slug (uses default if empty) |
--env | No | β | Environment slug for default connection resolution |
--zone | No | - (all zones) | GCP zone to query |
--filter | No | β | GCP filter expression |
--output | No | table | Output format: table, json, yaml |
Filter examples:
# List only running instances
planton gcp compute instances ls --connection gcp-prod --project my-project \
--filter "status=RUNNING"
# Filter by label
planton gcp compute instances ls --connection gcp-prod --project my-project \
--filter "labels.env=production"
List Cloud Storage Buckets
List storage buckets in a project:
planton gcp storage buckets list --connection gcp-prod --project my-gcp-project
| Flag | Required | Default | Description |
|---|---|---|---|
--project | Yes | β | GCP project ID |
--connection | No | β | GCP connection slug (uses default if empty) |
--env | No | β | Environment slug for default connection resolution |
--prefix | No | β | Filter bucket names by prefix |
--output | No | table | Output format: table, json, yaml |
Azure Operations
The Azure commands use planton azure (or the alias planton az).
List Virtual Machines
List VMs in an Azure subscription:
planton azure vm list --connection azure-prod --subscription my-subscription-id
The list command (also aliased as ls) accepts the following flags:
| Flag | Required | Default | Description |
|---|---|---|---|
--subscription | Yes | β | Azure subscription ID |
--connection | No | β | Azure connection slug (uses default if empty) |
--env | No | β | Environment slug for default connection resolution |
-g, --resource-group | No | β | Filter VMs to a specific resource group |
--output | No | table | Output format: table, json, yaml |
List Blob Storage Containers
List blob containers in an Azure Storage account:
planton azure storage container list --connection azure-prod \
--subscription my-subscription-id \
-g my-resource-group \
--storage-account mystorageaccount
| Flag | Required | Default | Description |
|---|---|---|---|
--subscription | Yes | β | Azure subscription ID |
-g, --resource-group | Yes | β | Resource group containing the storage account |
--storage-account | Yes | β | Azure Storage Account name |
--connection | No | β | Azure connection slug (uses default if empty) |
--env | No | β | Environment slug for default connection resolution |
--prefix | No | β | Filter container names by prefix |
--output | No | table | Output format: table, json, yaml |
Connection Resolution
All resource browser commands follow the same connection resolution pattern. When you run a command, Cloud Ops determines which credential to use:
- Explicit connection β If
--connectionis provided, use that credential directly - Environment default β If
--connectionis empty but--envis provided, look up the default connection for that environment and provider - Organization default β If neither is provided, look up the organization-level default connection for the provider
This means you can skip the --connection flag entirely if you have default connections configured:
# Uses the org-level default AWS connection
planton aws s3 ls
# Uses the environment-level default AWS connection for prod
planton aws ec2 ls --env prod --region us-east-1
Current Scope
AWS, GCP, and Azure operations currently support resource listing. Kubernetes has the full operation set β pod management, log streaming, exec, resource editing, and deletion.
The Cloud Ops architecture is provider-extensible. The same tunnel routing, connection resolution, and authorization model applies across all providers. Richer operation sets for non-Kubernetes providers will be added based on demand.
Related Documentation
- Operations Overview β What Cloud Ops is, dual access modes, how the tunnel works
- Kubernetes Operations β Full Kubernetes operations reference
- Connections > Cloud Providers β How AWS, GCP, and Azure credentials are managed
- Connections > Default Connections β How default connection resolution works
Next article
