Version: 0.7

kore create cloudaccounts

Allows Kore to use a cloud account

Synopsis

Adds a cloud account to Kore that it can use for provisioning team infrastructure or performing account management activities.

You must choose whether to allocate the account to all teams (via --all-teams) or to specific teams (via --allocate team1,team2,etc).

When creating an organization for account automation, you can also specify optional suffixes and prefixes for production and non-production accounts. This can be configured in more detail on the Kore UI or by preparing a cloud account manifest to use with 'kore apply'.

kore create cloudaccounts [flags]

Examples

# Add an account, being prompted for all the values:
$ kore create cloudaccount [accountname]
# Alternatively, use flags to set the values needed as follows.
# Create GCP shared account for all teams:
$ kore create cloudaccount gcp-shared -c gcp --type shared -i project-id \
--default-region europe-west2 --cred cred-name --all-teams
# Create GCP organization account for all teams:
$ kore create cloudaccount gcp-org -c gcp --type organization -i admin-project-id \
--default-region europe-west2 --cred cred-name --all-teams \
--org-id 1234567890 \
--gcp-billing-account 012ABC-ABC987-246EFA
# Create AWS shared account for team1 and team2:
$ kore create cloudaccount aws-shared -c aws --type shared -i 123456654321 \
--default-region eu-west-2 --cred cred-name --allocate team1,team2
# Create AWS organization account for all teams:
$ kore create cloudaccount aws-org -c aws --type organization -i 123456654321 \
--default-region eu-west-2 --cred cred-name --all-teams \
--aws-org-ou kore-managed --aws-org-sso-email 'example@your.org' \
--aws-org-sso-first-name Horse --aws-org-sso-last-name McFarlane \
--aws-org-control-tower-region eu-west-1
# Create Azure shared account for all teams:
$ kore create cloudaccount azure-shared -c azure --type shared -i abcd1234-a1b2-c3d4-e5f6-abcd1234ef90 \
--default-region uksouth --cred cred-name --all-teams
# Create Azure organization account for an MCA agreement type for all teams:
$ kore create cloudaccount azure-org -c azure --type organization -i abcd1234-a1b2-c3d4-e5f6-abcd1234ef90 \
--default-region uksouth --cred cred-name --all-teams \
--org-id defa1234-a1b2-c3d4-e5f6-abcd12341212 \
--azure-agreement-type MCA \
--azure-billing-account aaa111b-abcd-ef01-2345-bcdabc123fed:1234aaab-0100-1234-abcd-abcd0123abcd_2019-05-31 \
--azure-mca-billing-profile AW4F-APQW-0AH-ABC \
--azure-mca-invoice-section PQRS-ALDS-012-DEF \
--azure-subscription-owner defa1234-a1b2-c3d4-e5f6-abcd1234ef32 \
--azure-mgt-group kore-subscription-mgt-group
# Create Azure organization account for an EA agreement type for all teams,
# with the optional subscription contributor set:
$ kore create cloudaccount azure-org -c azure --type organization -i abcd1234-a1b2-c3d4-e5f6-abcd1234ef90 \
--default-region uksouth --cred cred-name --all-teams \
--org-id defa1234-a1b2-c3d4-e5f6-abcd12341212 \
--azure-agreement-type EA \
--azure-billing-account aaa111b-abcd-ef01-2345-bcdabc123fed:1234aaab-0100-1234-abcd-abcd0123abcd_2019-05-31 \
--azure-ea-enrollment-account 7654321 \
--azure-subscription-owner defa1234-a1b2-c3d4-e5f6-abcd1234ef32 \
--azure-subscription-contributor 9876a1234-a1b2-c3d4-e5f6-abcd1234ef64 \
--azure-mgt-group kore-subscription-mgt-group
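
A pre-flight check you can run before any of the commands above, as an added example (not part of Kore or its documentation). The function names `check_identifier`, `check_allocation` and `preflight` are hypothetical; the ID formats are the cloud providers' own, and the "exactly one of --all-teams / --allocate" rule is this script's reading of the Synopsis.

```shell
#!/bin/sh
# Added example: validate -i and the team allocation choice before calling
# `kore create cloudaccount`. These are not checks Kore is known to perform.

# check_identifier CLOUD ID -> 0 if ID has the shape the provider uses for -i
check_identifier() {
  case "$1" in
    aws)   # AWS account ID: exactly 12 digits
      printf '%s\n' "$2" | grep -Eq '^[0-9]{12}$' ;;
    gcp)   # GCP project ID: 6-30 chars, lowercase letter first, no trailing hyphen
      printf '%s\n' "$2" | grep -Eq '^[a-z][a-z0-9-]{4,28}[a-z0-9]$' ;;
    azure) # Azure subscription ID: GUID, 8-4-4-4-12 hex digits
      printf '%s\n' "$2" | grep -Eiq '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$' ;;
    *) return 2 ;;  # unknown cloud
  esac
}

# check_allocation ALL_TEAMS(yes|no) TEAMS -> 0 only if exactly one choice is made
# (assumption: --all-teams and --allocate are treated as mutually exclusive)
check_allocation() {
  if [ "$1" = yes ] && [ -n "$2" ]; then return 1; fi
  if [ "$1" != yes ] && [ -z "$2" ]; then return 1; fi
  return 0
}

# preflight CLOUD ID ALL_TEAMS TEAMS -> prints "ok: ..." or a reason on stderr
preflight() {
  check_identifier "$1" "$2" || { echo "bad $1 identifier: $2" >&2; return 1; }
  check_allocation "$3" "$4" || {
    echo "choose exactly one of --all-teams or --allocate" >&2; return 1; }
  echo "ok: $1 $2"
}

# Sample values taken from the examples on this page.
preflight aws 123456654321 no team1,team2
preflight azure abcd1234-a1b2-c3d4-e5f6-abcd1234ef90 yes ""
```

Once `preflight` passes, running the real command with `--dry-run -o yaml` shows the resource for review without applying it.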

Options

--account-prefix-notprod string the prefix to use for not-prod account names (for account automation) (default "kore")
--account-prefix-prod string the prefix to use for prod account names (for account automation) (default "kore")
--account-suffix-notprod string the suffix to use for not-prod account names (for account automation) (default "notprod")
--account-suffix-prod string the suffix to use for prod account names (for account automation) (default "prod")
--all-teams make this account available to all teams
-a, --allocate stringArray list of teams to allocate to, e.g. team1,team2
--aws-org-control-tower-region string the AWS Region in which Control Tower is installed for your organization (for AWS accounts of type organization)
--aws-org-ou string the AWS OU Name in which to provision accounts (for AWS accounts of type organization)
--aws-org-role-arn string the AWS Role ARN to be assumed when provisioning accounts (for AWS accounts of type organization) - needed only if NOT using kore setup roles to provision this for you
--aws-org-sso-email string the AWS SSO User Email to own provisioned accounts (for AWS accounts of type organization)
--aws-org-sso-first-name string the AWS SSO User First Name to own provisioned accounts (for AWS accounts of type organization)
--aws-org-sso-last-name string the AWS SSO User Last Name to own provisioned accounts (for AWS accounts of type organization)
--azure-agreement-type string the Azure agreement type (MCA or EA) (for Azure accounts of type organization)
--azure-billing-account string the Azure Billing Account ID (for Azure accounts of type organization)
--azure-ea-enrollment-account string the Azure Enrollment Account ID (for Azure accounts of type organization, agreement type EA)
--azure-mca-billing-profile string the Azure Billing Profile ID (for Azure accounts of type organization, agreement type MCA)
--azure-mca-invoice-section string the Azure Invoice Section ID (for Azure accounts of type organization, agreement type MCA)
--azure-mgt-group string the ID of an Azure Management Group to nest created subscriptions in (for Azure accounts of type organization)
--azure-subscription-contributor string the Object ID of an Azure AD Principal to be given contributor access to created subscriptions (for Azure accounts of type organization)
--azure-subscription-owner string the Object ID of an Azure AD Principal to own created subscriptions (for Azure accounts of type organization)
-c, --cloud string the cloud this account is for: gcp, aws, azure
--cred string the name of a cloudcredential to use to access this account - this must exist before you can create an account, use kore create cloudcredentials
--default-region string the default region for this account when a specific region is not provided for an operation
-d, --description string longer description of this account which teams will see if they have multiple allocated accounts
--dry-run shows the resource but does not apply or create (defaults: false)
--features stringArray ways in which this cloud account will be used
--gcp-billing-account string the GCP Billing Account ID (for GCP accounts of type organization)
-h, --help help for cloudaccounts
-i, --identifier string the cloud provider's identifier for the account, i.e. AWS Account ID, GCP Project, Azure Subscription ID
--org-id string the cloud provider's identifier for the organization, i.e. GCP Org ID, Azure Tenant ID (required for accounts of type organization on GCP and Azure)
--type string the type of account: shared (for team infrastructure), organization (for account automation)

Options inherited from parent commands

--debug indicates we should use debug / trace logging (defaults: false)
--force is used to force an operation to happen (defaults: false)
--no-wait indicates if we should wait for resources to provision
-o, --output string the output format of the resource (json,yaml,table,template) (default "table")
--profile string allows you to explicitly set the selected profile
--show-headers indicates we should display headers on table out (default true)
-t, --team string the team you are operating within
--verbose enables verbose logging for debugging purposes (defaults: false)

SEE ALSO