Skip to main content
Version: 2.3

wf create cloudaccessconfig

wf create cloudaccessconfig

Allows Wayfinder to access a cloud account, subscription or project

Synopsis

Creates a cloud access config for a workspace so it can be used by Wayfinder to provision infrastructure. You can create one cloud access config per stage, per cloud provider in each workspace.

You can also create 'admin' cloud access configs for Wayfinder-wide functionality such as global DNS zone management.

For non-admin cloud access configs, the default feature is 'Provisioning', allowing Wayfinder to provision workspace infrastructure such as networks, clusters and DNS zones.

For admin cloud access configs, the default features are 'DNS zone management' and 'Cost estimates', allowing Wayfinder to manage global DNS zones and download pricing information for cost estimation.

To see additional features, run 'wf create cloudaccessconfig --list-features'. If you wish to enable different features, use the --feature flag.

To output the required IAM to your terminal; run 'wf setup cloudaccessconfig --display'. This will output the required IAM to your terminal which you can apply to your cloud provider.

This command can configure IAM for the specified cloud access config directly. To do this, ensure you are logged in to the relevant cloud account / subscription / project in your terminal and run this command with '--setup'.

wf create cloudaccessconfig [flags]

Examples


# Add an account to the current workspace, being prompted for all the values:
$ wf create cloudaccessconfig

# Add a global/admin account, being prompted for all other values:
$ wf create cloudaccessconfig --admin --name aws-admin
 
# Alternatively, use flags to set the values needed as follows.
 
# Add a non-prod GCP project for the 'wsp' workspace:
$ wf create cloudaccessconfig -w wsp -c gcp -s nonprod -i project-id --default-region europe-west2
 
# Add a prod AWS account for the 'proj' workspace:
$ wf create cloudaccessconfig -w proj -c aws -s prod -i 123456654321 --default-region eu-west-2
 
# Add a non-prod Azure account for the 'wsp' workspace:
$ wf create cloudaccessconfig -w wsp -c azure --stage nonprod -i abcd1234-a1b2-c3d4-e5f6-abcd1234ef90 \
    --org-id zyx1234q-a1b2-c3d4-e5f6-abcd1234ef90 --default-region uksouth

# Add an Azure subscription for administrative purposes - you must include --name instead of --stage when 
# adding an admin account as it is possible to add multiple admin accounts for a single cloud:
$ wf create cloudaccessconfig --admin --name azure-dns -c azure -i abcd1234-a1b2-c3d4-e5f6-abcd1234ef90 \
    --default-region uksouth --org-id zyx1234q-a1b2-c3d4-e5f6-abcd1234ef90 \
    --feature DNSZoneManagement --feature CostsAudit

Options

      --admin                   cloud access for Wayfinder-wide administrative purposes, such as global DNS zone management
  -c, --cloud string            the cloud this access is for: gcp, aws, azure
      --default-region string   the default region for this account when a specific region is not provided for an operation
  -d, --description string      longer description of this access which workspaces will see if they have multiple allocated access
      --dry-run                 shows the resource but does not apply or create (defaults: false)
      --feature strings         ways in which this cloud access will be used - defaults to 'Provisioning' for normal accounts, 'DNSZoneManagement' and 'CostEstimates' for admin accounts. Can be specified multiple times to enable multiple features.
  -h, --help                    help for cloudaccessconfig
  -i, --identifier string       the cloud provider's identifier for access, i.e. AWS Account ID, GCP Project, Azure Subscription ID
      --list-features           lists available features that can be enabled for a linked cloud access
      --list-roles              lists roles required for a given cloud provider and feature (or default features)
      --name string             name for the cloud access config in Wayfinder
      --org-id string           the cloud provider's identifier for the organization, i.e. Azure Tenant ID (required for certain features on Azure to function correctly)
      --role-name strings       provider role names to be used for cloud access in the format role-name=provider-role-name. Can be specified multiple times to enable multiple roles.
      --setup                   creates the cloud access config in Wayfinder and sets up the IAM in the cloud
  -s, --stage string            stage this access can be used for - required unless this is an 'admin' cloud access config

Options inherited from parent commands

      --debug              Indicates we should use debug / trace logging (default: false)
      --force              Used to force an operation to happen (default: false)
      --no-wait            Indicates we should not wait for resources to provision
  -o, --output string      Output format of the resource (json,yaml,table,template) (default "table")
      --profile string     Use a profile other than your default for this command
      --show-headers       Indicates we should display headers on table out (default true)
      --verbose            Enables verbose logging for debugging purposes (default: false)
  -w, --workspace string   The workspace you are operating within

SEE ALSO

Last updated on 13 Apr 2023