Version: 2.3

wf create cloudorg

Add a cloud organization to Wayfinder for cloud account automation

Synopsis

Adds a cloud organization to Wayfinder that it can use for performing account management activities.

You must choose whether to allocate the organization to all workspaces (using --all-workspaces) or to specific workspaces (using --allocate workspace1,workspace2,etc).

When creating an organization for account automation, you can also specify optional suffixes and prefixes for production and non-production accounts. This can be configured in more detail on the Wayfinder UI or by preparing a cloud org manifest to use with 'wf apply'.

wf create cloudorg [flags]

Examples


# Add an org, being prompted for all the values:
$ wf create cloudorg [accountname]

# Alternatively, use flags to set the values needed as follows.

# Create GCP organization account for all workspaces:
$ wf create cloudorg gcp-org -c gcp -i admin-project-id \
--default-region europe-west2 --all-workspaces \
--org-id 1234567890 \
--gcp-billing-account 012ABC-ABC987-246EFA

# Create AWS organization account for all workspaces:
$ wf create cloudorg aws-org -c aws -i 123456654321 \
--default-region eu-west-2 --all-workspaces \
--aws-org-ou wf-managed --aws-org-sso-email 'example@your.org' \
--aws-org-sso-first-name Horse --aws-org-sso-last-name McFarlane \
--aws-org-control-tower-region eu-west-1

# Create Azure organization account for an MCA agreement type for all workspaces:
$ wf create cloudorg azure-org -c azure -i abcd1234-a1b2-c3d4-e5f6-abcd1234ef90 \
--default-region uksouth --all-workspaces \
--org-id defa1234-a1b2-c3d4-e5f6-abcd12341212 \
--azure-agreement-type MCA \
--azure-billing-account aaa111b-abcd-ef01-2345-bcdabc123fed:1234aaab-0100-1234-abcd-abcd0123abcd_2019-05-31 \
--azure-mca-billing-profile AW4F-APQW-0AH-ABC \
--azure-mca-invoice-section PQRS-ALDS-012-DEF \
--azure-subscription-owner defa1234-a1b2-c3d4-e5f6-abcd1234ef32 \
--azure-mgt-group wf-subscription-mgt-group

# Create Azure organization account for an EA agreement type for all workspaces,
# with the optional subscription contributor set:
$ wf create cloudorg azure-org -c azure -i abcd1234-a1b2-c3d4-e5f6-abcd1234ef90 \
--default-region uksouth --all-workspaces \
--org-id defa1234-a1b2-c3d4-e5f6-abcd12341212 \
--azure-agreement-type EA \
--azure-billing-account aaa111b-abcd-ef01-2345-bcdabc123fed:1234aaab-0100-1234-abcd-abcd0123abcd_2019-05-31 \
--azure-ea-enrollment-account 7654321 \
--azure-subscription-owner defa1234-a1b2-c3d4-e5f6-abcd1234ef32 \
--azure-subscription-contributor 9876a1234-a1b2-c3d4-e5f6-abcd1234ef64 \
--azure-mgt-group wayfinder-subscription-mgt-group

Options

      --account-prefix string                   prefix to use for naming rules (default "wf")
      --all-workspaces                          make this org available to all workspaces
  -a, --allocate strings                        list of workspaces to allocate to, e.g. workspace1,workspace2
      --aws-org-control-tower-region string     the AWS Region in which Control Tower is installed for your organization (for AWS)
      --aws-org-ou string                       the AWS OU Name in which to provision accounts (for AWS)
      --aws-org-role-arn string                 the AWS Role ARN to be assumed when provisioning accounts (for AWS) - needed only if NOT using wf setup cloudorg to provision this for you
      --aws-org-sso-email string                the AWS SSO User Email to own provisioned accounts (for AWS)
      --aws-org-sso-first-name string           the AWS SSO User First Name to own provisioned accounts (for AWS)
      --aws-org-sso-last-name string            the AWS SSO User Last Name to own provisioned accounts (for AWS)
      --azure-agreement-type string             the Azure agreement type (MCA or EA) (for Azure)
      --azure-billing-account string            the Azure Billing Account ID (for Azure)
      --azure-ea-enrollment-account string      the Azure Enrollment Account ID (for Azure, agreement type EA)
      --azure-mca-billing-profile string        the Azure Billing Profile ID (for Azure, agreement type MCA)
      --azure-mca-invoice-section string        the Azure Invoice Section ID (for Azure, agreement type MCA)
      --azure-mgt-group string                  the ID of an Azure Management Group to nest created subscriptions in (for Azure)
      --azure-subscription-contributor string   the Object ID of an Azure AD Principal to be given contributor access to created subscriptions (for Azure)
      --azure-subscription-owner string         the Object ID of an Azure AD Principal to own created subscriptions (for Azure)
  -c, --cloud string                            the cloud: gcp, aws, azure
      --default-region string                   the default region for this account when a specific region is not provided for an operation
      --dry-run                                 shows the resource but does not apply or create (defaults: false)
      --gcp-billing-account string              the GCP Billing Account ID (for GCP)
  -h, --help                                    help for cloudorg
  -i, --identifier string                       cloud provider's identifier for the account to use for org-wide resources/access relating to this cloud org, i.e. AWS Account ID, GCP Project, Azure Subscription ID
      --org-id string                           the cloud provider's identifier for the organization, i.e. GCP Org ID, Azure Tenant ID, AWS Master Account ID
      --stage strings                           stage this org can be used for (supports multiple values, e.g. --stage prod --stage nonprod) - default is ALL stages if none specified
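
The allocation choice from the synopsis and the agreement-type flags listed above can be checked before a command is sent to Wayfinder. The following is an added example, not part of the Wayfinder documentation or the wf CLI: `cloudorg_lint`, `fail` and their messages are hypothetical, and treating the MCA/EA flags as mandatory for their agreement type is an assumption drawn from the examples on this page.

```shell
# Added example, not part of Wayfinder: lint the flags of a planned
# `wf create cloudorg` call. It parses arguments only and never runs wf.
fail() { echo "error: $1"; errs=$((errs + 1)); }

cloudorg_lint() {
    all_ws=0; allocate=0; stage=0; cloud=""; agreement=""
    prof=0; inv=0; ea=0; errs=0
    while [ $# -gt 0 ]; do
        # Accept --flag=value as well as "--flag value".
        case "$1" in
            --*=*) k=${1%%=*}; v=${1#*=}; shift; set -- "$k" "$v" "$@" ;;
        esac
        case "$1" in
            --all-workspaces) all_ws=1 ;;
            -a|--allocate) allocate=1 ;;
            --stage) stage=1 ;;
            -c|--cloud) cloud=${2:-} ;;
            --azure-agreement-type) agreement=${2:-} ;;
            --azure-mca-billing-profile) prof=1 ;;
            --azure-mca-invoice-section) inv=1 ;;
            --azure-ea-enrollment-account) ea=1 ;;
        esac
        shift
    done
    # Synopsis: allocate to all workspaces or to named ones, not both or neither.
    [ $((all_ws + allocate)) -eq 1 ] ||
        fail "choose exactly one of --all-workspaces or --allocate"
    case "$cloud" in
        gcp|aws|azure) ;;
        *) fail "--cloud must be gcp, aws or azure" ;;
    esac
    if [ "$cloud" = azure ]; then
        case "$agreement" in  # assumption: type-specific flags are mandatory
            MCA) { [ "$prof" -eq 1 ] && [ "$inv" -eq 1 ]; } ||
                     fail "MCA needs a billing profile and an invoice section"
                 [ "$ea" -eq 0 ] || fail "enrollment account is an EA flag" ;;
            EA)  [ "$ea" -eq 1 ] || fail "EA needs an enrollment account"
                 [ $((prof + inv)) -eq 0 ] || fail "--azure-mca-* are MCA flags" ;;
            *)   fail "--azure-agreement-type must be MCA or EA" ;;
        esac
    fi
    # No --stage means ALL stages, so flag the broadest possible allocation.
    [ "$all_ws" -eq 1 ] && [ "$stage" -eq 0 ] &&
        echo "warn: org offered to every workspace for all stages"
    [ "$errs" -eq 0 ]
}

# Constructed input based on the page's AWS example; prints one warning.
cloudorg_lint aws-org -c aws -i 123456654321 --all-workspaces --aws-org-ou wf-managed
```

Pass the same flags to the function that you intend to pass to `wf create cloudorg`, then run the real command with `--dry-run` to review the resource before it is created.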

Options inherited from parent commands

      --debug              Indicates we should use debug / trace logging (default: false)
      --force              Used to force an operation to happen (default: false)
      --no-wait            Indicates we should not wait for resources to provision
  -o, --output string      Output format of the resource (json,yaml,table,template) (default "table")
      --profile string     Use a profile other than your default for this command
      --show-headers       Indicates we should display headers on table out (default true)
      --verbose            Enables verbose logging for debugging purposes (default: false)
  -w, --workspace string   The workspace you are operating within

SEE ALSO