wf setup access cloudaccount

wf setup access cloudaccount

Enables a specific role for end users of Wayfinder to access a managed cloud account using cloud provider native consoles and APIs

Synopsis

Provides Wayfinder workspace member or robot access to cloud accounts managed by Wayfinder by configuring the roles and policies within your cloud provider organisation. This command enables one or more user roles, each aligned with a specific set of permissions.

Cloud provider support:

• AWS is supported using AWS managed policies
  • See https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_managed-vs-inline.html#aws-managed-policies
• GCP and Azure are not supported

To run this you must be logged into the specific organisational cloud account that you are setting up roles for:

• AWS: Ensure you have a profile configured and selected, pointing to your master AWS account, before running these commands https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html

wf setup access cloudaccount [flags]

Examples

# Set up a wayfinder access role called ReadOnlyAccess using the AWS built-in ReadOnlyAccess policy
# and allocate to all managed workspace accounts:
$ wf setup access cloudaccount awsorg-myorg --aws-policy ReadOnlyAccess --all-workspaces

# Set up a wayfinder access role called EC2AndReadOnlyAll using two AWS built-in policies
# and allocate to a two workspaces (app-a, and app-b):
$ wf setup access cloudaccount awsorg-myorg --role-name EC2AndReadOnlyAll \
    --aws-policy ReadOnlyAccess --aws-policy AmazonEC2ReadOnlyAccess --workspaces app-a,app-b

Options

  -a, --all-workspaces           make this account available to all workspaces
      --aws-policy stringArray   name of an AWS managed policy to enable
  -f, --file string              file containing custom policies or roles
  -h, --help                     help for cloudaccount
      --remove                   remove any access previously granted
      --role-name string         name of the user role
      --workspaces stringArray   list of workspaces to allocate to, e.g. workspace1,workspace2

Options inherited from parent commands

      --debug              Indicates we should use debug / trace logging (default: false)
      --force              Used to force an operation to happen (default: false)
      --no-wait            Indicates we should not wait for resources to provision
  -o, --output string      Output format of the resource (json,yaml,table,template) (default "table")
      --profile string     Use a profile other than your default for this command
      --show-headers       Indicates we should display headers on table out (default true)
      --verbose            Enables verbose logging for debugging purposes (default: false)
  -w, --workspace string   The workspace you are operating within

SEE ALSO

• wf setup access - Initialises dependencies for Wayfinder access features