Provisioning a server on behalf of a user on GCP/AWS/Azure and probably relinquish access

I'd like to build a service where I run a custom setup script on behalf of a user on an t2.micro equivalent instance but be able to probably relinquish access to the server. Any advice on the tech stack and flows that I could use to accomplish this?

Let's assume I have unlimited access to AWS resources to create as many instances as I like. The service is targeted at users unfamiliar with how even ssh works and we are basically setting up a custom software service automatically that runs on their dedicated service. But we need to prove that there is no way we can gain access to this user's server again.

Any help about creative ways to accomplish this?

Rather than provisioning resources on-behalf of a user which would require them exposing their credentials to you in some way, I would implement this using the various marketplaces:

• Azure: Virtual Machine Offer Publishing

• AWS: How to List Your Product in AWS

• GCP: Sell on GCP

This has a couple of advantages:

• It's fully automated, you are never exposed to their subscriptions thus you don't need to prove that you no longer have access - you never had it in the first place.

• Everything is created within the customer's Subscription (Azure), Account (AWS) or Project (GCP) thus they bear all of the costs, you then get money from the cloud provider based upon how you price yourself in the marketplace.

• You can generally create more than just a VM, i.e. you could create a PaaS Database for persistence.

StackExchange DevOps Q#9447, answer score: 2