Skip to main content
Version: 1.5

wf setup access cloudaccount

wf setup access cloudaccount

Enables a specific role for end users of Wayfinder to access a managed cloud account using cloud provider native consoles and APIs


Provides Wayfinder workspace member or robot access to cloud accounts managed by Wayfinder by configuring the roles and policies within your cloud provider organisation. This command enables one or more user roles, each aligned with a specific set of permissions.

Cloud provider support:

To run this you must be logged into the specific organisational cloud account that you are setting up roles for:

wf setup access cloudaccount [flags]


# Set up a wayfinder access role called ReadOnlyAccess using the AWS built-in ReadOnlyAccess policy
# and allocate to all managed workspace accounts:
$ wf setup access cloudaccount awsorg-myorg --aws-policy ReadOnlyAccess --all-workspaces

# Set up a wayfinder access role called EC2AndReadOnlyAll using two AWS built-in policies
# and allocate to a two workspaces (app-a, and app-b):
$ wf setup access cloudaccount awsorg-myorg --role-name EC2AndReadOnlyAll \
--aws-policy ReadOnlyAccess --aws-policy AmazonEC2ReadOnlyAccess --workspaces app-a,app-b


  -a, --all-workspaces           make this account available to all workspaces
--aws-policy stringArray name of an AWS managed policy to enable
-f, --file string file containing custom policies or roles
-h, --help help for cloudaccount
--remove remove any access previously granted
--role-name string name of the user role
--workspaces stringArray list of workspaces to allocate to, e.g. workspace1,workspace2

Options inherited from parent commands

      --debug              Indicates we should use debug / trace logging (default: false)
--force Used to force an operation to happen (default: false)
--no-wait Indicates we should not wait for resources to provision
-o, --output string Output format of the resource (json,yaml,table,template) (default "table")
--profile string Use a profile other than your default for this command
--show-headers Indicates we should display headers on table out (default true)
--verbose Enables verbose logging for debugging purposes (default: false)
-w, --workspace string The workspace you are operating within