Skip to main content
Version: 2.3

Connect Cloud Accounts

Scope

Connect Cloud Accounts give you the ability to add your existing AWS accounts, GCP projects and Azure Subscriptions to Wayfinder.

If you need more information on Connect Cloud Accounts, then please see the overview section, otherwise use the information below to set up your cloud accounts.


CLI Quick Reference

Cloud ProviderInstructionCLI Commands
AWSConnect Cloud Accounts (AWS Account)`wf create cloudaccessconfig
AzureConnect Cloud Accounts (Azure subscription)`wf create cloudaccessconfig
GCPConnect Cloud Accounts (GCP project)`wf create cloudaccessconfig

AWS Cloud Accounts

You can connect your existing AWS account(s) to Wayfinder. You can access a cloud account by adding IAM role(s) to the AWS account you wish to use. This topic shows how to connect an existing AWS account to Wayfinder.

Prerequisites

Create an identity for Wayfinder to use for assuming any specific account role. See AWS Cloud Identity.

Connect a cloud account

Use one of the following methods to connect a cloud account:

  • To connect an AWS account using the CLI:

  1. Run wf create cloudaccessconfig.

    See wf create cloudaccessconfig.


  • To connect an AWS account using Wayfinder's web interface:

  1. Click Wayfinder settings, and then navigate to Cloud accounts > Accounts > Amazon Web Services.

  2. Click Connect account.

    The Connect to cloud accounts screen is displayed:

    [🎨 please wait... Space beavers are busy painting this screenshot]

  3. Select Connect an existing account, and then click Next.

    The Details screen is displayed.

  4. Fill in the account details, and then click Next.

    In the account details:

    • Supply the name, ID, credentials, and default region.
    • Allocate the account to one or more workspaces, or none.
    • To make the account available to cluster creators, you must select at least one Stage.

    When you click Next the Features screen appears.

  5. On the Features screen, select the features you want to enable on this account, and then click Save.

    Users can access these features depending on their roles and permissions:

    • Provisioning
    • DNS Zone Management
    • Cost Audit
    • Cost Estimates

Disconnect the account

To disconnect the account:

  1. Click Wayfinder settings, navigate to Cloud accounts > Accounts > Amazon Web Services.
  2. Click the Actions tab on the account, and then click Delete.


Azure Cloud Accounts

You can connect your existing Azure subscription(s) to Wayfinder. You can access an Azure subscription in Wayfinder by adding Azure service principals or Azure managed identities to the Azure subscription you wish to use.

Prerequisites

Before connecting an existing subscription, you need access to an Azure Subscription from the Azure CLI, and a cloud identity in Wayfinder.

Access to Azure subscription

You must set the subscription in Azure to the one you want Wayfinder to use.

To set the subscription in Azure:

  1. Install the Azure CLI.

  2. Using the Azure CLI, run the following to set the Azure subscription to the one you want Wayfinder to manage:

    az login 
    # Set the subscription to the friendly name of the subscription 
    # you wish Wayfinder to use:
    az account set --subscription "SUBSCRIPTION_NAME"

Create a cloud identity

Note

This step is not required when Wayfinder is installed on Azure.

If Wayfinder is not installed on the Azure cloud, you must create an identity for Wayfinder to use for initial access to Azure. For instructions, see Azure Cloud Identity.

Connect an existing Azure subscription

Use one of the following methods to connect an Azure subscription:

  • To connect the Azure subscription using the CLI:

  1. Run wf create cloudaccessconfig.

    See wf create cloudaccessconfig.

  • To connect an existing Azure subscription using the UI:

  1. Click Wayfinder settings, and then navigate to Cloud accounts > Accounts > Microsoft Azure.

  2. Click Connect account.

    The Connect to cloud accounts screen is displayed:

    [🎨 please wait... Space beavers are busy painting this screenshot]

  3. Select Connect an existing account, and then click Next.

    The Details screen is displayed.

  4. Fill in the account details, and then click Next.

    In the account details:

    • Supply the name, ID, credentials, and default region.
    • Allocate the account to one or more workspaces, or none.
    • To make the account available to cluster creators, you must select at least one Stage.

    When you click Next the Features screen appears.

  5. On the Features screen, select the features you want to enable on this account, and then click Save.

    Users can access these features depending on their roles and permissions:

    • Provisioning
    • DNS Zone Management
    • Cost Audit
    • Cost Estimates

Disconnect the azure subscription

To disconnect the subscription:

  1. Click Wayfinder settings, navigate to Cloud accounts > Accounts > Microsoft Azure, and then find and expand the account (subscription in Azure).
  2. Click the Actions tab on the account, and then click Delete.


GCP Cloud Accounts

You can connect your existing GCP project(s) to Wayfinder. You can do this by connecting the project to Wayfinder, then setting up a set of roles to permit Wayfinder's GCP cloud identity to access this project for the Wayfinder features you want to use.

Prerequisites

Create an identity for Wayfinder to use for accessing GCP. See GCP Cloud Identity.

Connect your GCP Project in Wayfinder

Use one of the following methods to connect a GCP project:

  • To connect a GCP project using the CLI:

  1. Run wf create cloudaccessconfig.

    See wf create cloudaccessconfig.

  • To connect an existing GCP project using the UI:

  1. Click Wayfinder settings, and then navigate to Cloud accounts > Accounts > Google Cloud Platform.

  2. Click Connect account.

    The Connect to cloud accounts screen is displayed:

    [🎨 please wait... Space beavers are busy painting this screenshot]

  3. Select Connect an existing account, and then click Next.

    The Details screen is displayed.

  4. Fill in the account details, and then click Next.

    In the account details:

    • Supply the name, ID, credentials, and default region.
    • Allocate the account to one or more workspaces, or none.
    • To make the account available to cluster creators, you must select at least one Stage.

    When you click Next the Features screen appears.

  5. On the Features screen, select the features you want to enable on this account, and then click Save.

    Users can access these features depending on their roles and permissions:

    • Provisioning
    • DNS Zone Management
    • Cost Audit
    • Cost Estimates

Disconnect the GCP project

To disconnect the project:

  1. Click Wayfinder settings, navigate to Cloud accounts > Accounts > Google Cloud Platform, and then find and expand the account (project in GCP).
  2. Click the Actions tab on the account, and then click Delete.
Last updated on 18 Jul 2023