Version: 2.4

wf setup cloudidentity

create/ensure an identity to access: gcp, aws, azure

Synopsis

Ensures a cloud identity exists in a cloud provider for Wayfinder to use for accessing one or more cloud providers with least privilege.

You must be logged in to the relevant cloud in order for these commands to work:

AWS: Ensure you have a profile configured and selected before running these commands. https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html
Azure: Ensure you have the Azure cli installed and can login before running these commands. https://docs.microsoft.com/en-us/cli/azure/install-azure-cli
GCP: Ensure you have the gcloud CLI installed and can login before running these commands. https://cloud.google.com/sdk/docs/install

This is only needed to provide Wayfinder with access to additional clouds (e.g. to access GCP when Wayfinder is running in an AWS cluster). When Wayfinder is installed (using wf install), a cloud identity will have already been provisioned to access that cloud.

wf setup cloudidentity [flags]

Examples

# Add a cloud identity and, be prompted for all the values:
$ wf setup cloudidentity

# Create / update an AWS user identity for Wayfinder to use:
$ wf setup cloudidentity -c aws

# Create / update an Azure user identity for Wayfinder to use:
$ wf setup cloudidentity -c azure --azure-subscription-id 123456678-ABCA-ABCA-ABCA-123456789101

# Create / update a GCP user identity for Wayfinder to use:
$ wf setup cloudidentity -c gcp --gcp-project-id curly-rhino

# Remove the cloud identity resources and decomission the identity from Wayfinder:
$ wf setup cloudidentity -c aws --remove

Options

      --azure-subscription-id string   ID of Azure subscription in which to create a role to permit Wayfinder's access to your tenant
  -c, --cloud string                   cloud to create/ensure identity for: gcp, aws, azure
      --gcp-project-id string          ID of GCP project in which to create a service account to permit Wayfinder's access to your GCP organization
  -h, --help                           help for cloudidentity
      --remove                         removes all IAM resources created and removes the associated Wayfinder cloudcredential

Options inherited from parent commands

      --debug              Indicates we should use debug / trace logging (default: false)
      --force              Used to force an operation to happen (default: false)
      --no-wait            Indicates we should not wait for resources to provision
  -o, --output string      Output format of the resource (json,yaml,table,template) (default "table")
      --profile string     Use a profile other than your default for this command
      --show-headers       Indicates we should display headers on table out (default true)
      --verbose            Enables verbose logging for debugging purposes (default: false)
  -w, --workspace string   The workspace you are operating within