sdm admin clouds add
NAME:
sdm admin clouds add - add one or more clouds
USAGE:
sdm admin clouds add command [command options] [arguments...]
COMMANDS:
aws create AWS cloud
awsConsole create AWS Management Console cloud
awsConsoleStaticKeyPair create AWS Management Console (Static key pair) cloud
awsinstanceprofile create AWS (Instance Profile) cloud
azure create Azure (Password) cloud
azurecert create Azure (Certificate) cloud
gcp create GCP CLI/SDK (Service Account) cloud
gcpConsole create GCP Web Console (Workforce Identity Federation) cloud
gcpWIF create GCP CLI/SDK (Workforce Identity Federation) cloud
snowsight create Snowsight (Snowflake Web Console) cloud
OPTIONS:
--file value, -f value load from a JSON file
--stdin, -i load from stdin
--timeout value set time limit for command
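--help, -h show help
Note: options marked (secret) in the subcommands below hold sensitive values. A value passed as a command-line argument can be recorded in shell history and shown in process listings; loading the definition from a JSON file (--file) or from stdin (--stdin) can keep it off the command line, provided the file itself is access-restricted.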
aws
NAME:
sdm admin clouds add aws - create AWS cloud
USAGE:
sdm admin clouds add aws [command options] <name>
OPTIONS:
--access-key-id value (required, secret)
--bind-interface value bind interface (default: "127.0.0.1")
--egress-filter value apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
--healthcheck-region value Enter the AWS region healthcheck requests should attempt to connect to. (required)
--port-override value port profile override (default: -1)
--proxy-cluster-id value proxy cluster id
--role-arn value The role to assume after logging in. (secret)
--role-external-id value (secret)
--secret-access-key value (required, secret)
--secret-store-id value secret store id
--subdomain value, --bind-subdomain value DNS subdomain through which this resource may be accessed on clients (e.g. "app-prod" allows the resource to be accessed as "app-prod.<your-org-name>.<sdm-proxy-domain>"). Only applicable to HTTP-based resources or resources using virtual networking mode.
--tags value tags e.g. 'key=value,...'
--template, -t display a JSON template
--timeout value set time limit for command
awsConsole
NAME:
sdm admin clouds add awsConsole - create AWS Management Console cloud
USAGE:
sdm admin clouds add awsConsole [command options] <name>
OPTIONS:
--bind-interface value bind interface (default: "127.0.0.1")
--egress-filter value apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
--enable-environment-variables Prefer environment variables to authenticate connection even if EC2 roles are configured.
--http-subdomain value This will be used as your local DNS address. (e.g. app-prod1 would turn into http://app-prod1.<your-org-name>.sdm.network/) (required)
--port-override value port profile override (default: -1)
--proxy-cluster-id value proxy cluster id
--region value The AWS region to connect to. (required)
--role-arn value The role to assume after logging in. (required, secret)
--role-external-id value (secret)
--secret-store-id value secret store id
--session-expiry-seconds value The length of time in seconds AWS console sessions will live before needing to reauthenticate. (default: 0)
--tags value tags e.g. 'key=value,...'
--template, -t display a JSON template
--timeout value set time limit for command
awsConsoleStaticKeyPair
NAME:
sdm admin clouds add awsConsoleStaticKeyPair - create AWS Management Console (Static key pair) cloud
USAGE:
sdm admin clouds add awsConsoleStaticKeyPair [command options] <name>
OPTIONS:
--access-key-id value (required, secret)
--bind-interface value bind interface (default: "127.0.0.1")
--egress-filter value apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
--http-subdomain value This will be used as your local DNS address. (e.g. app-prod1 would turn into http://app-prod1.<your-org-name>.sdm.network/) (required)
--port-override value port profile override (default: -1)
--proxy-cluster-id value proxy cluster id
--region value The AWS region to connect to. (required)
--role-arn value The role to assume after logging in. (required, secret)
--role-external-id value (secret)
--secret-access-key value (required, secret)
--secret-store-id value secret store id
--session-expiry-seconds value The length of time in seconds AWS console sessions will live before needing to reauthenticate. (default: 0)
--tags value tags e.g. 'key=value,...'
--template, -t display a JSON template
--timeout value set time limit for command
awsinstanceprofile
NAME:
sdm admin clouds add awsinstanceprofile - create AWS (Instance Profile) cloud
USAGE:
sdm admin clouds add awsinstanceprofile [command options] <name>
OPTIONS:
--bind-interface value bind interface (default: "127.0.0.1")
--egress-filter value apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
--enable-environment-variables Prefer environment variables to authenticate connection even if EC2 roles are configured.
--port-override value port profile override (default: -1)
--proxy-cluster-id value proxy cluster id
--region value The AWS region to connect to. (required)
--role-arn value The role to assume after logging in. (secret)
--role-external-id value (secret)
--secret-store-id value secret store id
--subdomain value, --bind-subdomain value DNS subdomain through which this resource may be accessed on clients (e.g. "app-prod" allows the resource to be accessed as "app-prod.<your-org-name>.<sdm-proxy-domain>"). Only applicable to HTTP-based resources or resources using virtual networking mode.
--tags value tags e.g. 'key=value,...'
--template, -t display a JSON template
--timeout value set time limit for command
azure
NAME:
sdm admin clouds add azure - create Azure (Password) cloud
USAGE:
sdm admin clouds add azure [command options] <name>
OPTIONS:
--app-id value the application ID to authenticate with (required, secret)
--bind-interface value IP address on which to listen for connections to this resource on clients. Specify "default", "loopback", or "vnm" to automatically allocate an available address from the corresponding IP range configured in the organization. (default: "default")
--egress-filter value apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
--password value service principal password (required, secret)
--port-override value port profile override (default: -1)
--proxy-cluster-id value proxy cluster id
--secret-store-id value secret store id
--subdomain value, --bind-subdomain value DNS subdomain through which this resource may be accessed on clients (e.g. "app-prod" allows the resource to be accessed as "app-prod.<your-org-name>.<sdm-proxy-domain>"). Only applicable to HTTP-based resources or resources using virtual networking mode.
--tags value tags e.g. 'key=value,...'
--template, -t display a JSON template
--tenant-id value the tenant ID to authenticate to (required, secret)
--timeout value set time limit for command
azurecert
NAME:
sdm admin clouds add azurecert - create Azure (Certificate) cloud
USAGE:
sdm admin clouds add azurecert [command options] <name>
OPTIONS:
--app-id value the application ID to authenticate with (required, secret)
--bind-interface value IP address on which to listen for connections to this resource on clients. Specify "default", "loopback", or "vnm" to automatically allocate an available address from the corresponding IP range configured in the organization. (default: "default")
--certificate value service principal certificate file containing both the private and public key (required, secret)
--egress-filter value apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
--port-override value port profile override (default: -1)
--proxy-cluster-id value proxy cluster id
--secret-store-id value secret store id
--subdomain value, --bind-subdomain value DNS subdomain through which this resource may be accessed on clients (e.g. "app-prod" allows the resource to be accessed as "app-prod.<your-org-name>.<sdm-proxy-domain>"). Only applicable to HTTP-based resources or resources using virtual networking mode.
--tags value tags e.g. 'key=value,...'
--template, -t display a JSON template
--tenant-id value the tenant ID to authenticate to (required, secret)
--timeout value set time limit for command
gcp
NAME:
sdm admin clouds add gcp - create GCP CLI/SDK (Service Account) cloud
USAGE:
sdm admin clouds add gcp [command options] <name>
OPTIONS:
--bind-interface value IP address on which to listen for connections to this resource on clients. Specify "default", "loopback", or "vnm" to automatically allocate an available address from the corresponding IP range configured in the organization. (default: "default")
--egress-filter value apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
--port-override value port profile override (default: -1)
--proxy-cluster-id value proxy cluster id
--scopes value Space-separated scopes that this login should assume when authenticating (required)
--secret-store-id value secret store id
--subdomain value, --bind-subdomain value DNS subdomain through which this resource may be accessed on clients (e.g. "app-prod" allows the resource to be accessed as "app-prod.<your-org-name>.<sdm-proxy-domain>"). Only applicable to HTTP-based resources or resources using virtual networking mode.
--svc-keyfile value The service account keyfile to authenticate with (required, secret)
--tags value tags e.g. 'key=value,...'
--template, -t display a JSON template
--timeout value set time limit for command
gcpConsole
NAME:
sdm admin clouds add gcpConsole - create GCP Web Console (Workforce Identity Federation) cloud
USAGE:
sdm admin clouds add gcpConsole [command options] <name>
OPTIONS:
--bind-interface value bind interface (default: "127.0.0.1")
--egress-filter value apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
--http-subdomain value This will be used as your local DNS address. (e.g. app-prod1 would turn into http://app-prod1.<your-org-name>.sdm.network/) (required)
--identity-alias-healthcheck-username value (conditional)
--identity-set-id value
--identity-set-name value set the identity set by name
--port-override value port profile override (default: -1)
--proxy-cluster-id value proxy cluster id
--session-expiry-seconds value The length of time in seconds console sessions will live before needing to reauthenticate. (default: 0)
--tags value tags e.g. 'key=value,...'
--template, -t display a JSON template
--timeout value set time limit for command
--workforce-pool-id value The ID of the Workforce Identity Pool in GCP to use for federated SAML authentication. (required)
--workforce-provider-id value The ID of the Workforce Identity Provider in GCP to use for federated SAML authentication. (required)
gcpWIF
NAME:
sdm admin clouds add gcpWIF - create GCP CLI/SDK (Workforce Identity Federation) cloud
USAGE:
sdm admin clouds add gcpWIF [command options] <name>
OPTIONS:
--bind-interface value bind interface (default: "127.0.0.1")
--egress-filter value apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
--identity-alias-healthcheck-username value (conditional)
--identity-set-id value
--identity-set-name value set the identity set by name
--port-override value port profile override (default: -1)
--project-id value When specified, all project scoped requests will use this Project ID
--proxy-cluster-id value proxy cluster id
--scopes value Space-separated scopes that this login should assume when authenticating (required)
--session-expiry-seconds value The length of time in seconds console sessions will live before needing to reauthenticate. (default: 0)
--subdomain value, --bind-subdomain value DNS subdomain through which this resource may be accessed on clients (e.g. "app-prod" allows the resource to be accessed as "app-prod.<your-org-name>.<sdm-proxy-domain>"). Only applicable to HTTP-based resources or resources using virtual networking mode.
--tags value tags e.g. 'key=value,...'
--template, -t display a JSON template
--timeout value set time limit for command
--workforce-pool-id value The ID of the Workforce Identity Pool in GCP to use for federated SAML authentication. (required)
--workforce-provider-id value The ID of the Workforce Identity Provider in GCP to use for federated SAML authentication. (required)
snowsight
NAME:
sdm admin clouds add snowsight - create Snowsight (Snowflake Web Console) cloud
USAGE:
sdm admin clouds add snowsight [command options] <name>
OPTIONS:
--bind-interface value bind interface (default: "127.0.0.1")
--egress-filter value apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
--healthcheck_username value The StrongDM user email to use for healthchecks (required)
--port-override value port profile override (default: -1)
--proxy-cluster-id value proxy cluster id
--saml-metadata value The metadata for your Snowflake IdP integration (required, secret)
--secret-store-id value secret store id
--subdomain value, --bind-subdomain value (required)
--tags value tags e.g. 'key=value,...'
--template, -t display a JSON template
--timeout value set time limit for command
--tls-required sdm must use TLS to connect