wf create cloudaccounts
Allows Wayfinder to use a cloud account
Synopsis
Adds a cloud account to Wayfinder that it can use for provisioning workspace infrastructure or performing account management activities.
You must choose whether to allocate the account to all workspaces (using --all-workspaces) or to specific workspaces (using --allocate workspace1,workspace2,etc).
When creating an organization for account automation, you can also specify optional suffixes and prefixes for production and non-production accounts. This can be configured in more detail on the Wayfinder UI or by preparing a cloud account manifest to use with 'wf apply'.
wf create cloudaccounts [flags]
Examples
# Add an account, being prompted for all the values:
$ wf create cloudaccount [accountname]
# Alternatively, use flags to set the values needed as follows.
# Create GCP shared account for all workspaces:
$ wf create cloudaccount gcp-shared -c gcp --type shared -i project-id \
--default-region europe-west2 --cred cred-name --all-workspaces
# Create GCP organization account for all workspaces:
$ wf create cloudaccount gcp-org -c gcp --type organization -i admin-project-id \
--default-region europe-west2 --cred cred-name --all-workspaces \
--org-id 1234567890 \
--gcp-billing-account 012ABC-ABC987-246EFA
# Create AWS shared account for workspace1 and workspace2:
$ wf create cloudaccount aws-shared -c aws --type shared -i 123456654321 \
--default-region eu-west-2 --cred cred-name --stage production \
--allocate workspace1,workspace2
# Create AWS organization account for all workspaces:
$ wf create cloudaccount aws-org -c aws --type organization -i 123456654321 \
--default-region eu-west-2 --cred cred-name --all-workspaces \
--aws-org-ou wf-managed --aws-org-sso-email 'example@your.org' \
--aws-org-sso-first-name Horse --aws-org-sso-last-name McFarlane \
--aws-org-control-tower-region eu-west-1
# Create Azure shared account for all workspaces:
$ wf create cloudaccount azure-shared -c azure --type shared -i abcd1234-a1b2-c3d4-e5f6-abcd1234ef90 \
--default-region uksouth --cred cred-name --all-workspaces
# Create Azure organization account for an MCA agreement type for all workspaces:
$ wf create cloudaccount azure-org -c azure --type organization -i abcd1234-a1b2-c3d4-e5f6-abcd1234ef90 \
--default-region uksouth --cred cred-name --all-workspaces \
--org-id defa1234-a1b2-c3d4-e5f6-abcd12341212 \
--azure-agreement-type MCA \
--azure-billing-account aaa111b-abcd-ef01-2345-bcdabc123fed:1234aaab-0100-1234-abcd-abcd0123abcd_2019-05-31 \
--azure-mca-billing-profile AW4F-APQW-0AH-ABC \
--azure-mca-invoice-section PQRS-ALDS-012-DEF \
--azure-subscription-owner defa1234-a1b2-c3d4-e5f6-abcd1234ef32 \
--azure-mgt-group wf-subscription-mgt-group
# Create Azure organization account for an EA agreement type for all workspaces,
# with the optional subscription contributor set:
$ wf create cloudaccount azure-org -c azure --type organization -i abcd1234-a1b2-c3d4-e5f6-abcd1234ef90 \
--default-region uksouth --cred cred-name --all-workspaces \
--org-id defa1234-a1b2-c3d4-e5f6-abcd12341212 \
--azure-agreement-type EA \
--azure-billing-account aaa111b-abcd-ef01-2345-bcdabc123fed:1234aaab-0100-1234-abcd-abcd0123abcd_2019-05-31 \
--azure-ea-enrollment-account 7654321 \
--azure-subscription-owner defa1234-a1b2-c3d4-e5f6-abcd1234ef32 \
--azure-subscription-contributor 9876a1234-a1b2-c3d4-e5f6-abcd1234ef64 \
--azure-mgt-group wayfinder-subscription-mgt-group
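For flag-driven (non-interactive) use, the allocation choice and the agreement-type-specific Azure flags can be checked before the command runs. The following is an added example, not part of the Wayfinder documentation or CLI: a shell lint that uses only flag names documented on this page. It assumes flags are passed as "--flag value", as in the examples above, and treats --no-allocation as a third, mutually exclusive allocation choice; the pass/fail policy is this sketch's own.

```shell
#!/bin/sh
# Added example, not part of the Wayfinder docs: lint the flags of a
# non-interactive `wf create cloudaccount` call before running it.
# Assumes "--flag value" form; the pass/fail policy is an assumption.
lint_wf_cloudaccount() (
  alloc=0 cred=0 ea=0 mca=0 cloud="" type="" agreement="" prev="" rc=0
  fail() { echo "lint: $*" >&2; rc=1; }
  for arg in "$@"; do
    case "$prev" in            # value following a flag we care about
      -c|--cloud) cloud=$arg ;;
      --type) type=$arg ;;
      --azure-agreement-type) agreement=$arg ;;
    esac
    case "$arg" in             # presence of flags we care about
      --all-workspaces|--no-allocation|-a|--allocate) alloc=$((alloc + 1)) ;;
      --cred) cred=1 ;;
      --azure-ea-enrollment-account) ea=1 ;;
      --azure-mca-billing-profile|--azure-mca-invoice-section) mca=1 ;;
    esac
    prev=$arg
  done
  [ "$alloc" -eq 1 ] || fail "set exactly one of --all-workspaces, --allocate, --no-allocation"
  [ "$cred" -eq 1 ] || fail "--cred is missing; name an existing cloudcredential"
  if [ "$cloud" = azure ] && [ "$type" = organization ]; then
    case "$agreement" in
      MCA) [ "$ea" -eq 0 ] || fail "--azure-ea-enrollment-account applies to EA, not MCA" ;;
      EA)  [ "$mca" -eq 0 ] || fail "--azure-mca-* flags apply to MCA, not EA" ;;
      *)   fail "--azure-agreement-type must be MCA or EA" ;;
    esac
  elif [ "$ea" -eq 1 ] || [ "$mca" -eq 1 ]; then
    fail "Azure agreement flags only apply to Azure organization accounts"
  fi
  exit "$rc"                   # function body is a subshell, so this only ends the lint
)

# Constructed sample call: both allocation modes given, so the lint fails.
lint_wf_cloudaccount aws-shared -c aws --type shared -i 123456654321 \
  --cred cred-name --all-workspaces --allocate workspace1 \
  || echo "not running wf: fix the flags first"
```

Once the lint passes, the same arguments can be run with --dry-run to show the resource without applying it.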
Options
--account-prefix string prefix to use for naming rules (default "wf")
--all-workspaces make this account available to all workspaces
-a, --allocate strings list of workspaces to allocate to, e.g. workspace1,workspace2
--aws-org-control-tower-region string the AWS Region in which Control Tower is installed for your organization (for AWS accounts of type organization)
--aws-org-ou string the AWS OU Name in which to provision accounts (for AWS accounts of type organization)
--aws-org-role-arn string the AWS Role ARN to be assumed when provisioning accounts (for AWS accounts of type organization) - needed only if NOT using wf setup roles to provision this for you
--aws-org-sso-email string the AWS SSO User Email to own provisioned accounts (for AWS accounts of type organization)
--aws-org-sso-first-name string the AWS SSO User First Name to own provisioned accounts (for AWS accounts of type organization)
--aws-org-sso-last-name string the AWS SSO User Last Name to own provisioned accounts (for AWS accounts of type organization)
--azure-agreement-type string the Azure agreement type (MCA or EA) (for Azure accounts of type organization)
--azure-billing-account string the Azure Billing Account ID (for Azure accounts of type organization)
--azure-ea-enrollment-account string the Azure Enrollment Account ID (for Azure accounts of type organization, agreement type EA)
--azure-mca-billing-profile string the Azure Billing Profile ID (for Azure accounts of type organization, agreement type MCA)
--azure-mca-invoice-section string the Azure Invoice Section ID (for Azure accounts of type organization, agreement type MCA)
--azure-mgt-group string the ID of an Azure Management Group to nest created subscriptions in (for Azure accounts of type organization)
--azure-subscription-contributor string the Object ID of an Azure AD Principal to be given contributor access to created subscriptions (for Azure accounts of type organization)
--azure-subscription-owner string the Object ID of an Azure AD Principal to own created subscriptions (for Azure accounts of type organization)
-c, --cloud string the cloud this account is for: gcp, aws, azure
--cred string the name of a cloudcredential to use to access this account - this must exist before you can create an account, use wf setup cloudidentity
--default-region string the default region for this account when a specific region is not provided for an operation
-d, --description string longer description of this account which workspaces will see if they have multiple allocated accounts
--dry-run shows the resource but does not apply or create (defaults: false)
--features strings ways in which this cloud account will be used
--gcp-billing-account string the GCP Billing Account ID (for GCP accounts of type organization)
-h, --help help for cloudaccounts
-i, --identifier string the cloud provider's identifier for the account, i.e. AWS Account ID, GCP Project, Azure Subscription ID
--no-allocation don't allocate this cloud account to a workspace
--org-id string the cloud provider's identifier for the organization, i.e. GCP Org ID, Azure Tenant ID (required for accounts of type organization on GCP and Azure)
--stage string stage this account can be used for
--type string the type of account: shared (for workspace infrastructure), organization (for account automation)
Options inherited from parent commands
--debug Indicates we should use debug / trace logging (default: false)
--force Used to force an operation to happen (default: false)
--no-wait Indicates we should not wait for resources to provision
-o, --output string Output format of the resource (json,yaml,table,template) (default "table")
--profile string Use a profile other than your default for this command
--show-headers Indicates we should display headers on table output (default true)
--verbose Enables verbose logging for debugging purposes (default: false)
-w, --workspace string The workspace you are operating within
SEE ALSO
- wf create - Creates one or more resources