Skip to main content
Version: 1.5

wf access cloudaccount

wf access cloudaccount​

Provides short-lived access to a cloud account owned by your workspace

Synopsis​

Provides access to a cloud account owned by your workspace.

Choose a role representing the access you need to receive time-limited permission to perform activities against your cloud account.

When this access expires simply re-run $ wf access cloudaccount.

Run without any parameters to be prompted for all values.

wf access cloudaccount [flags]

Examples​


# General usage:
$ wf access cloudaccount [cloudaccountname] [--role rolename] --portal|--env|-- command

# Get access to the EC2 Read Only role to a cloud account and use it to run AWS CLI:
$ wf access cloudaccount aws-org-coolworkspace-nonprod --role AmazonEC2ReadOnlyAccess -- aws ec2 describe-instances

# To be prompted for possible cloud accounts and roles, omit those
# parameters, i.e.:
$ wf access cloudaccount -- command
$ wf access cloudaccount --portal

# To add the environment variables for accessing the cloud account to
# your current shell process:
$ source <(wf access cloudaccount aws-org-coolworkspace-nonprod --role admin --env)

# After sourcing, for example, use the AWS CLI:
$ aws eks list-clusters

# Open the AWS web console in your account:
$ wf access cloudaccount aws-org-coolworkspace-nonprod --role admin --portal

Options​

      --dry-run       shows the role assumption details to be requested, but does not actually request the access
      --env           run with --env to support sourcing into your current shell
  -h, --help          help for cloudaccount
      --list-roles    lists the roles you have access to
      --portal        opens the applicable web console/portal for this cloud account - for example the AWS Console, Azure Portal
  -r, --role string   role to assume

Options inherited from parent commands​

      --debug              Indicates we should use debug / trace logging (default: false)
      --force              Used to force an operation to happen (default: false)
      --no-wait            Indicates we should not wait for resources to provision
  -o, --output string      Output format of the resource (json,yaml,table,template) (default "table")
      --profile string     Use a profile other than your default for this command
      --show-headers       Indicates we should display headers on table out (default true)
      --verbose            Enables verbose logging for debugging purposes (default: false)
  -w, --workspace string   The workspace you are operating within

SEE ALSO​

  • wf access - Gains access to a Wayfinder-managed resource
Last updated on 24 Oct 2022