Skip to main content

Overview

Grant Wayfinder with cloud access (AWS cloud account, Azure subscription or GCP project) to enable it to manage specific cloud resources and provide cloud automation.

Wayfinder supports:

  • An implicit connection: Wayfinder's installation instance is in the same cloud access that you're adding e.g., Wayfinder is installed in Azure and you're adding an Azure Subscription.
  • A cross-cloud connection: Wayfinder's installation instance is in a different cloud account, subscription or project than the on you're adding e.g., Wayfinder is installed in Azure and you're adding an AWS account or Google Project.

You can jump to the relevant documentation according to what you're trying to add and where Wayfinder is installed.

  • You're adding an AWS account and Wayfinder is installed in either: AWS, Azure, or GCP.
  • You're adding an Azure subscription and Wayfinder is installed in either: AWS, Azure, or GCP.
  • You're adding a GCP project and Wayfinder is installed in either: AWS, Azure, or GCP.
  • Wayfinder is installed off-cloud and you want to use static credentials for: AWS, Azure, or GCP.

Overview of steps

For each cloud access that you want to connect, you need to:

  1. Specify the type of cloud access you need.
  2. Limit the scope of the cloud access to a specific workspace and stage.
  3. Specify an authentication method to allow Wayfinder to securely connect to the cloud access that you're adding. You can configure authentication without credentials which uses Wayfinder's identity to connect. You can also configure static credentails for authentication, but that is less secure and we recommend that you only use it when Wayfinder is installed off-cloud in non-production environments.
  4. Give Wayfinder cloud permissions to access cloud resources and perform relevant tasks. At this point you can run Wayfinder's terraform module to create the needed configuration and permissions in the target account, subscription or project (or you can do the configuration manually).

Access Type

When you've selected the Access Type as 'Kubernetes Cluster Provisioning', you need to set the scope to control where you want to provide the access to. This section is not visible for other Access Types.

What is the difference between a workspace and a stage?
  • A workspace is where teams provision and manage applications, environments, clusters, and cloud resources.
  • A stage is used to isolate and test resources at the infrastructure level such as production or development.
What is 'platform' scope?

Access types that are designated as 'platform' are for configurations that are outside the scope of any particular workspace or stage and are intended for the use by Wayfinder administrators.


Access TypeDescriptionScope
Kubernetes Cluster ProvisioningUsed for creating, updating and managing Kubernetes, cluster networking and workspace scoped DNS records for applications.Workspace and Stage
DNS ProvisioningUsed for managing a top-level domain, so that Wayfinder can create sub domains within it that are delegated to workspace clusters.Platform
PeeringUsed for peering automation. Wayfinder can accept peering requests enabling connectivity between Wayfinder provisioned Kubernetes clusters and any external VPC network.Platform
Cost EstimatesUsed for cost data retrieval in order to provide infrastructure cost estimates.Platform

Wayfinder's Terraform Module

Use Wayfinder's terraform module to create the needed configuration and permissions in the target AWS account, Azure subscription or GCP project.

Wayfinder's web interface provides you with the needed input values for Wayfinder's terraform module. Use the output values from Wayfinder's terraform module to test the cloud access configuration in Wayfinder's web interface. Upon success, Wayfinder's web interface outputs the yaml for the cloud access configuration that you can apply immediately or save for later.


CLI Quick Reference

InstructionCLI Command
Create a workspace
(only if Access Type is Kubernetes Cluster Provisioning)
wf create workspace WORKSPACE-KEY -s SUMMARY
Create a stage
(only if Access Type is Kubernetes Cluster Provisioning)
wf create stage STAGE-NAME -d DESCRIPTION
View Cloud Access Configurationswf get cloudaccessconfig -c CLOUD -w WORKSPACE-KEY
Output the Cloud Access Configuration to consolewf get cloudaccessconfig CONFIG-NAME -o yaml
Output the Cloud Access Configuration to filewf get cloudaccessconfig CONFIG-NAME > ./PATH/TO/FILE.yaml
Apply the Cloud Access Configuration from filewf apply cloudaccessconfig -f ./PATH/TO/FILE.yaml
View Cloud Permissionswf get cloudpermissions
View the Permissions of the specified Cloud Permissionwf describe cloudpermissions PERMISSION-NAME -c CLOUD -o JSON
View input values for Wayfinder's terraform modulewf describe cloudaccess --cloud-identity CLOUDIDENTITY-NAME --to-cloud TARGET-CLOUD --for-type ACCESS-TYPE --for-stage STAGE-NAME --for-workspace WORKSPACE-KEY -o tfvars
View cloud identitieswf get cloudidentities
Output the details of the cloud identity to consolewf get cloudidentities NAME-OF-IDENTITY -o yaml
Create a cloud identity for Wayfinder's workload identity
(You only have to do this once)
wf create cloudidentity CLOUDIDENTITY-NAME --for-workload-identity
[ADVANCED USERS]
Create a Cloud Access Configuration
wf create cloudaccessconfig [flags]