Skip to main content
Version: 1.5

wf access cloudaccount

wf access cloudaccount

Provides short-lived access to a cloud account owned by your workspace


Provides access to a cloud account owned by your workspace.

Choose a role representing the access you need to receive time-limited permission to perform activities against your cloud account.

When this access expires simply re-run $ wf access cloudaccount.

Run without any parameters to be prompted for all values.

wf access cloudaccount [flags]


# General usage:
$ wf access cloudaccount [cloudaccountname] [--role rolename] --portal|--env|-- command

# Get access to the EC2 Read Only role to a cloud account and use it to run AWS CLI:
$ wf access cloudaccount aws-org-coolworkspace-nonprod --role AmazonEC2ReadOnlyAccess -- aws ec2 describe-instances

# To be prompted for possible cloud accounts and roles, omit those
# parameters, i.e.:
$ wf access cloudaccount -- command
$ wf access cloudaccount --portal

# To add the environment variables for accessing the cloud account to
# your current shell process:
$ source <(wf access cloudaccount aws-org-coolworkspace-nonprod --role admin --env)

# After sourcing, for example, use the AWS CLI:
$ aws eks list-clusters

# Open the AWS web console in your account:
$ wf access cloudaccount aws-org-coolworkspace-nonprod --role admin --portal


      --dry-run       shows the role assumption details to be requested, but does not actually request the access
--env run with --env to support sourcing into your current shell
-h, --help help for cloudaccount
--list-roles lists the roles you have access to
--portal opens the applicable web console/portal for this cloud account - for example the AWS Console, Azure Portal
-r, --role string role to assume

Options inherited from parent commands

      --debug              Indicates we should use debug / trace logging (default: false)
--force Used to force an operation to happen (default: false)
--no-wait Indicates we should not wait for resources to provision
-o, --output string Output format of the resource (json,yaml,table,template) (default "table")
--profile string Use a profile other than your default for this command
--show-headers Indicates we should display headers on table out (default true)
--verbose Enables verbose logging for debugging purposes (default: false)
-w, --workspace string The workspace you are operating within


  • wf access - Gains access to a Wayfinder-managed resource