Skip to main content
Version: 1.1

wf create cloudaccounts

wf create cloudaccounts

Allows Wayfinder to use a cloud account

Synopsis

Adds a cloud account to Wayfinder that it can use for provisioning workspace infrastructure or performing account management activities.

You must choose whether to allocate the account to all workspaces (using --all-workspaces) or to specific workspaces (using --allocate workspace1,workspace2,etc).

When creating an organization for account automation, you can also specify optional suffixes and prefixes for production and non-production accounts. This can be configured in more detail on the Wayfinder UI or by preparing a cloud account manifest to use with 'wf apply'.

wf create cloudaccounts [flags]

Examples


# Add an account, being prompted for all the values:
$ wf create cloudaccount [accountname]

# Alternatively, use flags to set the values needed as follows.

# Create GCP shared account for all workspaces:
$ wf create cloudaccount gcp-shared -c gcp --type shared -i project-id \
--default-region europe-west2 --cred cred-name --all-workspaces

# Create GCP organization account for all workspaces:
$ wf create cloudaccount gcp-org -c gcp --type organization -i admin-project-id \
--default-region europe-west2 --cred cred-name --all-workspaces \
--org-id 1234567890 \
--gcp-billing-account 012ABC-ABC987-246EFA

# Create AWS shared account for workspace1 and workspace2:
$ wf create cloudaccount aws-shared -c aws --type shared -i 123456654321 \
--default-region eu-west-2 --cred cred-name --allocate workspace1,workspace2

# Create AWS organization account for all workspaces:
$ wf create cloudaccount aws-org -c aws --type organization -i 123456654321 \
--default-region eu-west-2 --cred cred-name --all-workspaces \
--aws-org-ou wf-managed --aws-org-sso-email 'example@your.org' \
--aws-org-sso-first-name Horse --aws-org-sso-last-name McFarlane \
--aws-org-control-tower-region eu-west-1

# Create Azure shared account for all workspaces:
$ wf create cloudaccount azure-shared -c azure --type shared -i abcd1234-a1b2-c3d4-e5f6-abcd1234ef90 \
--default-region uksouth --cred cred-name --all-workspaces

# Create Azure organization account for an MCA agreement type for all workspaces:
$ wf create cloudaccount azure-org -c azure --type organization -i abcd1234-a1b2-c3d4-e5f6-abcd1234ef90 \
--default-region uksouth --cred cred-name --all-workspaces \
--org-id defa1234-a1b2-c3d4-e5f6-abcd12341212 \
--azure-agreement-type MCA \
--azure-billing-account aaa111b-abcd-ef01-2345-bcdabc123fed:1234aaab-0100-1234-abcd-abcd0123abcd_2019-05-31 \
--azure-mca-billing-profile AW4F-APQW-0AH-ABC \
--azure-mca-invoice-section PQRS-ALDS-012-DEF \
--azure-subscription-owner defa1234-a1b2-c3d4-e5f6-abcd1234ef32 \
--azure-mgt-group wf-subscription-mgt-group

# Create Azure organization account for an EA agreement type for all workspaces,
# with the optional subscription contributor set:
$ wf create cloudaccount azure-org -c azure --type organization -i abcd1234-a1b2-c3d4-e5f6-abcd1234ef90 \
--default-region uksouth --cred cred-name --all-workspaces \
--org-id defa1234-a1b2-c3d4-e5f6-abcd12341212 \
--azure-agreement-type EA \
--azure-billing-account aaa111b-abcd-ef01-2345-bcdabc123fed:1234aaab-0100-1234-abcd-abcd0123abcd_2019-05-31 \
--azure-ea-enrollment-account 7654321 \
--azure-subscription-owner defa1234-a1b2-c3d4-e5f6-abcd1234ef32 \
--azure-subscription-contributor 9876a1234-a1b2-c3d4-e5f6-abcd1234ef64 \
--azure-mgt-group wayfinder-subscription-mgt-group

Options

      --account-prefix string                   prefix to use for naming rules (default "wf")
--all-workspaces make this account available to all workspaces
-a, --allocate stringArray list of workspaces to allocate to, e.g. workspace1,workspace2
--aws-org-control-tower-region string the AWS Region in which Control Tower is installed for your organization (for AWS accounts of type organization)
--aws-org-ou string the AWS OU Name in which to provision accounts (for AWS accounts of type organization)
--aws-org-role-arn string the AWS Role ARN to be assumed when provisioning accounts (for AWS accounts of type organization) - needed only if NOT using wf setup roles to provision this for you
--aws-org-sso-email string the AWS SSO User Email to own provisioned accounts (for AWS accounts of type organization)
--aws-org-sso-first-name string the AWS SSO User First Name to own provisioned accounts (for AWS accounts of type organization)
--aws-org-sso-last-name string the AWS SSO User Last Name to own provisioned accounts (for AWS accounts of type organization)
--azure-agreement-type string the Azure agreement type (MCA or EA) (for Azure accounts of type organization)
--azure-billing-account string the Azure Billing Account ID (for Azure accounts of type organization
--azure-ea-enrollment-account string the Azure Enrollment Account ID (for Azure accounts of type organization, agreement type EA)
--azure-mca-billing-profile string the Azure Billing Profile ID (for Azure accounts of type organization, agreement type MCA)
--azure-mca-invoice-section string the Azure Invoice Section ID (for Azure accounts of type organization, agreement type MCA)
--azure-mgt-group string the ID of an Azure Management Group to nest created subscriptions in (for Azure accounts of type organization)
--azure-subscription-contributor string the Object ID of an Azure AD Principal to be given contributor access to created subscriptions (for Azure accounts of type organization)
--azure-subscription-owner string the Object ID of an Azure AD Principal to own created subscriptions (for Azure accounts of type organization)
-c, --cloud string the cloud this account is for: gcp, aws, azure
--cred string the name of a cloudcredential to use to access this account - this must exist before you can create an account, use wf create cloudcredentials
--default-region string the default region for this account when a specific region is not provided for an operation
-d, --description string longer description of this account which workspaces will see if they have multiple allocated accounts
--dry-run shows the resource but does not apply or create (defaults: false)
--features stringArray ways in which this cloud account will be used
--gcp-billing-account string the GCP Billing Account ID (for GCP accounts of type organization)
-h, --help help for cloudaccounts
-i, --identifier string the cloud provider's identifier for the account, i.e. AWS Account ID, GCP Project, Azure Subscription ID
--no-allocation don't allocate this cloud account to a workspace
--org-id string the cloud provider's identifier for the organization, i.e. GCP Org ID, Azure Tenant ID (required for accounts of type organization on GCP and Azure)
--stage string stage this account can be used for
--type string the type of account: shared (for workspace infrastructure), organization (for account automation)

Options inherited from parent commands

      --debug              Indicates we should use debug / trace logging (default: false)
--force Used to force an operation to happen (default: false)
--no-wait Indicates we should not wait for resources to provision
-o, --output string Output format of the resource (json,yaml,table,template) (default "table")
--profile string Use a profile other than your default for this command
--show-headers Indicates we should display headers on table out (default true)
--verbose Enables verbose logging for debugging purposes (default: false)
-w, --workspace string The workspace you are operating within

SEE ALSO