Skip to main content
Version: 2.4

wf setup cloudidentity

wf setup cloudidentity

create/ensure an identity to access: gcp, aws, azure


Ensures a cloud identity exists in a cloud provider for Wayfinder to use for accessing one or more cloud providers with least privilege.

You must be logged in to the relevant cloud in order for these commands to work:

This is only needed to provide Wayfinder with access to additional clouds (e.g. to access GCP when Wayfinder is running in an AWS cluster). When Wayfinder is installed (using wf install), a cloud identity will have already been provisioned to access that cloud.

wf setup cloudidentity [flags]


# Add a cloud identity and, be prompted for all the values:
$ wf setup cloudidentity

# Create / update an AWS user identity for Wayfinder to use:
$ wf setup cloudidentity -c aws

# Create / update an Azure user identity for Wayfinder to use:
$ wf setup cloudidentity -c azure --azure-subscription-id 123456678-ABCA-ABCA-ABCA-123456789101

# Create / update a GCP user identity for Wayfinder to use:
$ wf setup cloudidentity -c gcp --gcp-project-id curly-rhino

# Remove the cloud identity resources and decomission the identity from Wayfinder:
$ wf setup cloudidentity -c aws --remove


      --azure-subscription-id string   ID of Azure subscription in which to create a role to permit Wayfinder's access to your tenant
-c, --cloud string cloud to create/ensure identity for: gcp, aws, azure
--gcp-project-id string ID of GCP project in which to create a service account to permit Wayfinder's access to your GCP organization
-h, --help help for cloudidentity
--remove removes all IAM resources created and removes the associated Wayfinder cloudcredential

Options inherited from parent commands

      --debug              Indicates we should use debug / trace logging (default: false)
--force Used to force an operation to happen (default: false)
--no-wait Indicates we should not wait for resources to provision
-o, --output string Output format of the resource (json,yaml,table,template) (default "table")
--profile string Use a profile other than your default for this command
--show-headers Indicates we should display headers on table out (default true)
--verbose Enables verbose logging for debugging purposes (default: false)
-w, --workspace string The workspace you are operating within


  • wf setup - Initialises dependencies required to run wayfinder