Computer Device and Method for Managing Privilege Delegation
US-2018349625-A1 · Dec 6, 2018 · US
US11949680B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11949680-B2 |
| Application number | US-202117245943-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 30, 2021 |
| Priority date | Apr 30, 2021 |
| Publication date | Apr 2, 2024 |
| Grant date | Apr 2, 2024 |
Official abstract text for this publication.
Disclosed is an improved approach to implementing a mechanism that gives the customer control over access to cloud infrastructure by the cloud provider's operator employees. This mechanism allows customer-controlled access to any cloud infrastructure that belongs to, or is otherwise allocated to, the customer.
Opening claim text (preview).
What is claimed is:

1. A method, comprising: configuring a customer access control mechanism for a computing resource of a cloud infrastructure, wherein the computing resource is managed by a cloud provider, and the customer access control mechanism comprises: a set of access control profiles pertaining to access by the cloud provider operator to the computing resource; and an access policy that comprises one or more customer access control profiles; processing the access request from the cloud provider operator to access the computing resource of the cloud infrastructure; and permitting the cloud provider operator to access the computing resource according to an approved access control profile at least by: modifying an operating system environment for the cloud provider operator into a modified operating system environment in which the access request is executed; and creating a temporary user account for the cloud provider operator based at least in part upon the modified operating system environment; and logging one or more activities by the temporary user account in the cloud infrastructure resource.

2. The method of claim 1, wherein an existing user account for the cloud provider operator is removed or disabled prior to receiving the access request from the cloud provider operator.

3. The method of claim 1, further comprising sending a request to a customer user to approve or deny the access request by the cloud provider operator, wherein the request sent to the customer user is based at least in part upon the access policy.

4. The method of claim 1, wherein the access control profiles comprise a named and pre-defined profile of one or more permitted activities by the cloud provider operator to operate one or more commands or access portions of the cloud infrastructure or the computing resource.

5. The method of claim 1, wherein the temporary user account for the cloud provider operator is created by being seeded with a key of the cloud provider operator.

6. The method of claim 1, wherein the cloud provider operator uses a Secure Shell (SSH) to log into the cloud infrastructure resource using the temporary user account.

7. The method of claim 1, further comprising establishing a perimeter within an execution environment of an operating system for the cloud provider operator, wherein the access request is executed within the perimeter, and a chroot environment is created for the temporary user account and the cloud provider operator.

8. The method of claim 1, wherein automated approval is provided for one or more certain types of access requests by the cloud provider operator, and the one or more certain types of access requests include a read-only access request that is automatically granted in response to the access request.

9. The method of claim 1, wherein logging the one or more activities comprises generating a log record that is placed into a log repository according to a specified time interval.

10. The method of claim 1, wherein access for the cloud provider operator is revoked prior to receiving the access request from the cloud provider operator by expiry of a timeout period or by express revocation of the access from an instruction by a customer user.

11. A computer program product embodied on a non-transitory computer readable medium, the non-transitory computer readable medium having stored thereon a sequence of instructions which, when executed by a processor, causes the processor to execute a set of acts comprising: configuring a customer access control mechanism for a computing resource of a cloud infrastructure, wherein the computing resource managed by a cloud provider, and the customer access control mechanism comprises: a set of access control profiles pertaining to access by a cloud provider operator to the cloud infrastructure resource; and an access policy that comprises one or more access control profiles; processing an access request from the cloud provider operator to access the computing resource of the cloud infrastructure; and permitting the cloud provider operator to access the cloud infrastructure resource according to an approved access control profile, wherein access is provided to the cloud provider operator by: modifying an operating system environment for the cloud provider operator into a modified operating system environment in which the access request is executed; and creating a temporary user account for the cloud provider operator based at least in part upon the modified operating system environment; and logging one or more activities by the temporary user account in the cloud infrastructure resource.

12. The computer program product of claim 11, wherein the sequence of instructions when executed by the processor removes or disables an existing user account for the cloud provider operator prior to receiving the access request from the cloud provider operator.

13. The computer program product of claim 11, wherein the sequence of instructions when executed by the processor further performs sending a request to a customer user to approve or deny the access request by the cloud provider operator, wherein the request sent to the customer user is based at least in part upon the access policy.

14. The computer program product of claim 11, wherein the access control profiles comprise a named and pre-defined profile of one or more permitted activities by the cloud provider operator to operate one or more commands or access portions of the cloud infrastructure or the computing resource.

15. The computer program product of claim 11, wherein the temporary user account for the cloud provider operator is created by being seeded with public key of the cloud provider operator.

16. The computer program product of claim 11, wherein the sequence of instructions when executed by the processor uses the temporary user account to permit the cloud provider operator to use a Secure Shell (SSH) to log into the cloud infrastructure resource.

17. The computer program product of claim 11, wherein the sequence of instructions when executed by the processor causes the processor to execute the set of acts, the set of acts further comprising establishing a perimeter within an execution environment of an operating system for the cloud provider operator, and creating a chroot environment for the temporary user account and the cloud provider operator.

18. The computer program product of claim 11, wherein the sequence of instructions when executed by the processor provides automated approval for one or more certain types of access requests by the cloud provider operator, and the one or more certain types of access requests include a read-only access request that is automatically granted in response to the access request.

19. The computer program product of claim 11, wherein the sequence of instructions when executed by the processor logs the activities by generating a log record that is placed into a log repository according to a specified time interval.

20. The computer program product of claim 11, wherein the sequence of instructions, when executed by the processor, causes the processor to revoke, prior to receiving the access request from the cloud provider operator, access for the cloud provider operator by expiry of a timeout period or by express revocation of the access from an instruction by a customer user.

21. A system, comprising: a processor; a memory for holding programmable code; and wherein the programmable code includes instructions executabl
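The claims describe a control flow rather than an implementation: named access profiles offered by the customer, a policy that auto-approves read-only requests and routes the rest to a customer user, a temporary account confined to a modified (chroot) environment and seeded with the operator's key, activity logging, and revocation by timeout or customer instruction. The following Python model is an added example written for this page; it is not code from the patent or from any cloud provider's product. Every name in it (OperatorAccessBroker, the profile names, the /var/jail path, the constructed operator keys and commands) is an assumption, and the chroot and SSH steps are represented only by the recorded path and key, since actually creating them requires host privileges.

```python
import time
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, FrozenSet, List


class Decision(Enum):
    PENDING = "pending"      # waiting for a customer user to approve or deny
    APPROVED = "approved"
    DENIED = "denied"


@dataclass(frozen=True)
class AccessProfile:
    """Named, pre-defined profile: the command verbs the operator may run."""
    name: str
    allowed_commands: FrozenSet[str]
    read_only: bool


@dataclass
class AccessPolicy:
    """Customer policy: offered profiles plus auto-approval and timeout rules."""
    profiles: Dict[str, AccessProfile]
    auto_approve_read_only: bool = True
    session_seconds: int = 3600


@dataclass
class AccessRequest:
    operator: str
    operator_pubkey: str      # seeds the temporary account (constructed value in demo)
    profile_name: str
    resource: str
    decision: Decision = Decision.PENDING


@dataclass
class TemporaryAccount:
    username: str
    operator: str
    profile: AccessProfile
    chroot_path: str          # confined environment the request executes in (assumed path)
    expires_at: float
    revoked: bool = False


class OperatorAccessBroker:
    """Evaluates operator requests against the customer policy and issues
    short-lived, profile-bound accounts whose every action is logged."""

    def __init__(self, policy: AccessPolicy, clock: Callable[[], float] = time.time):
        self.policy, self.clock = policy, clock
        self.accounts: Dict[str, TemporaryAccount] = {}
        self.log: List[dict] = []
        self._seq = 0

    def _record(self, user: str, event: str, **detail) -> None:
        self.log.append({"ts": self.clock(), "user": user, "event": event, **detail})

    def submit(self, req: AccessRequest) -> Decision:
        profile = self.policy.profiles.get(req.profile_name)
        if profile is None:
            req.decision = Decision.DENIED                 # unknown profile: nothing to grant
        elif self.policy.auto_approve_read_only and profile.read_only:
            req.decision = Decision.APPROVED               # read-only requests auto-approved
        self._record(req.operator, "request", profile=req.profile_name, decision=req.decision.value)
        return req.decision

    def customer_decide(self, req: AccessRequest, approve: bool) -> Decision:
        if req.decision is Decision.PENDING:               # only pending requests need a human
            req.decision = Decision.APPROVED if approve else Decision.DENIED
            self._record(req.operator, "customer_decision", decision=req.decision.value)
        return req.decision

    def provision(self, req: AccessRequest) -> TemporaryAccount:
        if req.decision is not Decision.APPROVED:
            raise PermissionError(f"request by {req.operator} is {req.decision.value}")
        self._seq += 1
        username = f"tmp-{req.operator}-{self._seq}"
        acct = TemporaryAccount(username, req.operator, self.policy.profiles[req.profile_name],
                                chroot_path=f"/var/jail/{username}",
                                expires_at=self.clock() + self.policy.session_seconds)
        self.accounts[username] = acct
        self._record(username, "account_created", pubkey=req.operator_pubkey, chroot=acct.chroot_path)
        return acct

    def run(self, username: str, command: str) -> bool:
        """Gate one command: account must exist, be unrevoked, unexpired, and in profile."""
        acct = self.accounts.get(username)
        if acct is None or acct.revoked or self.clock() >= acct.expires_at:
            self._record(username, "rejected", command=command, reason="no active account")
            return False
        verb = command.split(maxsplit=1)[0] if command.strip() else ""
        if verb not in acct.profile.allowed_commands:
            self._record(username, "rejected", command=command, reason="outside profile")
            return False
        self._record(username, "executed", command=command, chroot=acct.chroot_path)
        return True

    def revoke(self, username: str, reason: str) -> None:
        """Express revocation by the customer (timeouts are enforced in run())."""
        acct = self.accounts.get(username)
        if acct is not None and not acct.revoked:
            acct.revoked = True
            self._record(username, "revoked", reason=reason)


def demo(start: float = 1_700_000_000.0):
    """One read-only and one privileged request walked through the flow on a fake clock."""
    now = [start]
    policy = AccessPolicy({
        "ro-diagnostics": AccessProfile("ro-diagnostics", frozenset({"ls", "cat", "journalctl"}), True),
        "service-restart": AccessProfile("service-restart", frozenset({"systemctl"}), False),
    }, session_seconds=600)
    broker = OperatorAccessBroker(policy, clock=lambda: now[0])
    ro = AccessRequest("alice", "ssh-ed25519 AAAA...constructed", "ro-diagnostics", "db-host-1")
    rw = AccessRequest("bob", "ssh-ed25519 AAAA...constructed", "service-restart", "db-host-1")
    broker.submit(ro)                       # approved automatically
    broker.submit(rw)                       # pending until the customer decides
    broker.customer_decide(rw, approve=True)
    a1, a2 = broker.provision(ro), broker.provision(rw)
    results = [broker.run(a1.username, "cat /var/log/syslog"),        # in profile
               broker.run(a1.username, "systemctl restart postgres"),  # outside profile
               broker.run(a2.username, "systemctl restart postgres")]  # in profile
    now[0] += 601                           # session timeout elapses
    results.append(broker.run(a1.username, "ls /"))
    return broker, results
```

The broker keeps the decision (submit / customer_decide) separate from provisioning, so an account can only ever be created from a request already marked approved, and the timeout is checked at every command rather than only at login, which is what makes the "revoked by expiry" condition in claims 10 and 20 observable in the log.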
CPC classification titles:

- Entity profiles
- Human resources
- Customer relationship services
- Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- for managing network security; network security policies in general (filtering policies H04L63/0227)