# sdm admin clouds clone

```shell
NAME:
   sdm admin clouds clone - create a new cloud using an existing cloud as a template

USAGE:
   sdm admin clouds clone command [command options] [arguments...]

COMMANDS:
   aws                      clone AWS cloud
   awsConsole               clone AWS Management Console cloud
   awsConsoleStaticKeyPair  clone AWS Management Console (Static key pair) cloud
   awsinstanceprofile       clone AWS (Instance Profile) cloud
   azure                    clone Azure (Password) cloud
   azurecert                clone Azure (Certificate) cloud
   gcp                      clone GCP CLI/SDK (Service Account) cloud
   gcpConsole               clone GCP Web Console (Workforce Identity Federation) cloud
   gcpWIF                   clone GCP CLI/SDK (Workforce Identity Federation) cloud
   oktaGroups               clone Okta Groups cloud
   snowsight                clone Snowsight (Snowflake Web Console) cloud

OPTIONS:
   --help, -h  show help
```

### aws

```shell
NAME:
   sdm admin clouds clone aws - clone AWS cloud

USAGE:
   sdm admin clouds clone aws [command options] <ID>

OPTIONS:
   --access-key-id value       (secret)
   --bind-interface value      bind interface (default: "127.0.0.1")
   --delete-all-tags           
   --delete-tags value         delete-tags e.g. 'key,...'
   --egress-filter value       apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
   --healthcheck-region value  Enter the AWS region healthcheck requests should attempt to connect to.
   --name value                datasource name
   --port-override value       port profile override (default: -1)
   --role-arn value            The role to assume after logging in. (secret)
   --role-external-id value    (secret)
   --secret-access-key value   (secret)
   --subdomain value, --bind-subdomain value           DNS subdomain through which this resource may be accessed on clients (e.g. "app-prod" allows the resource to be accessed as "app-prod.<your-org-name>.<sdm-proxy-domain>"). Only applicable to HTTP-based resources or resources using virtual networking mode.
   --tags value                tags e.g. 'key=value,...'
   --timeout value             set time limit for command
```

### awsConsole

```shell
NAME:
   sdm admin clouds clone awsConsole - clone AWS Management Console cloud

USAGE:
   sdm admin clouds clone awsConsole [command options] <ID>

OPTIONS:
   --bind-interface value          bind interface (default: "127.0.0.1")
   --delete-all-tags               
   --delete-tags value             delete-tags e.g. 'key,...'
   --egress-filter value           apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
   --enable-environment-variables  Prefer environment variables to authenticate connection even if EC2 roles are configured.
   --http-subdomain value          This will be used as your local DNS address. (e.g. app-prod1 would turn into http://app-prod1.<your-org-name>.sdm.network/)
   --name value                    datasource name
   --no-use-https                  Client connections will use HTTPS instead of HTTP (disable)
   --port-override value           port profile override (default: -1)
   --region value                  The AWS region to connect to.
   --role-arn value                The role to assume after logging in. (secret)
   --role-external-id value        (secret)
   --session-expiry-seconds value  The length of time in seconds AWS console sessions will live before needing to reauthenticate. (default: 0)
   --tags value                    tags e.g. 'key=value,...'
   --timeout value                 set time limit for command
```

### awsConsoleStaticKeyPair

```shell
NAME:
   sdm admin clouds clone awsConsoleStaticKeyPair - clone AWS Management Console (Static key pair) cloud

USAGE:
   sdm admin clouds clone awsConsoleStaticKeyPair [command options] <ID>

OPTIONS:
   --access-key-id value           (secret)
   --bind-interface value          bind interface (default: "127.0.0.1")
   --delete-all-tags               
   --delete-tags value             delete-tags e.g. 'key,...'
   --egress-filter value           apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
   --http-subdomain value          This will be used as your local DNS address. (e.g. app-prod1 would turn into http://app-prod1.<your-org-name>.sdm.network/)
   --name value                    datasource name
   --port-override value           port profile override (default: -1)
   --region value                  The AWS region to connect to.
   --role-arn value                The role to assume after logging in. (secret)
   --role-external-id value        (secret)
   --secret-access-key value       (secret)
   --session-expiry-seconds value  The length of time in seconds AWS console sessions will live before needing to reauthenticate. (default: 0)
   --tags value                    tags e.g. 'key=value,...'
   --timeout value                 set time limit for command
```

### awsinstanceprofile

```shell
NAME:
   sdm admin clouds clone awsinstanceprofile - clone AWS (Instance Profile) cloud

USAGE:
   sdm admin clouds clone awsinstanceprofile [command options] <ID>

OPTIONS:
   --bind-interface value          bind interface (default: "127.0.0.1")
   --delete-all-tags               
   --delete-tags value             delete-tags e.g. 'key,...'
   --egress-filter value           apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
   --enable-environment-variables  Prefer environment variables to authenticate connection even if EC2 roles are configured.
   --name value                    datasource name
   --port-override value           port profile override (default: -1)
   --region value                  The AWS region to connect to.
   --role-arn value                The role to assume after logging in. (secret)
   --role-external-id value        (secret)
   --subdomain value, --bind-subdomain value               DNS subdomain through which this resource may be accessed on clients (e.g. "app-prod" allows the resource to be accessed as "app-prod.<your-org-name>.<sdm-proxy-domain>"). Only applicable to HTTP-based resources or resources using virtual networking mode.
   --tags value                    tags e.g. 'key=value,...'
   --timeout value                 set time limit for command
```

### azure

```shell
NAME:
   sdm admin clouds clone azure - clone Azure (Password) cloud

USAGE:
   sdm admin clouds clone azure [command options] <ID>

OPTIONS:
   --app-id value          the application ID to authenticate with (secret)
   --bind-interface value  bind interface (default: "127.0.0.1")
   --delete-all-tags       
   --delete-tags value     delete-tags e.g. 'key,...'
   --egress-filter value   apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
   --name value            datasource name
   --password value        service principal password (secret)
   --port-override value   port profile override (default: -1)
   --subdomain value, --bind-subdomain value       DNS subdomain through which this resource may be accessed on clients (e.g. "app-prod" allows the resource to be accessed as "app-prod.<your-org-name>.<sdm-proxy-domain>"). Only applicable to HTTP-based resources or resources using virtual networking mode.
   --tags value            tags e.g. 'key=value,...'
   --tenant-id value       the tenant ID to authenticate to (secret)
   --timeout value         set time limit for command
```

### azurecert

```shell
NAME:
   sdm admin clouds clone azurecert - clone Azure (Certificate) cloud

USAGE:
   sdm admin clouds clone azurecert [command options] <ID>

OPTIONS:
   --app-id value          the application ID to authenticate with (secret)
   --bind-interface value  bind interface (default: "127.0.0.1")
   --certificate value     service Principal certificate file, both private and public key (secret)
   --delete-all-tags       
   --delete-tags value     delete-tags e.g. 'key,...'
   --egress-filter value   apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
   --name value            datasource name
   --port-override value   port profile override (default: -1)
   --subdomain value, --bind-subdomain value       DNS subdomain through which this resource may be accessed on clients (e.g. "app-prod" allows the resource to be accessed as "app-prod.<your-org-name>.<sdm-proxy-domain>"). Only applicable to HTTP-based resources or resources using virtual networking mode.
   --tags value            tags e.g. 'key=value,...'
   --tenant-id value       the tenant ID to authenticate to (secret)
   --timeout value         set time limit for command
```

### gcp

```shell
NAME:
   sdm admin clouds clone gcp - clone GCP CLI/SDK (Service Account) cloud

USAGE:
   sdm admin clouds clone gcp [command options] <ID>

OPTIONS:
   --bind-interface value  bind interface (default: "127.0.0.1")
   --delete-all-tags       
   --delete-tags value     delete-tags e.g. 'key,...'
   --egress-filter value   apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
   --name value            datasource name
   --port-override value   port profile override (default: -1)
   --scopes value          Space separated scopes that this login should assume into when authenticating
   --subdomain value, --bind-subdomain value       DNS subdomain through which this resource may be accessed on clients (e.g. "app-prod" allows the resource to be accessed as "app-prod.<your-org-name>.<sdm-proxy-domain>"). Only applicable to HTTP-based resources or resources using virtual networking mode.
   --svc-keyfile value     The service account keyfile to authenticate with (secret)
   --tags value            tags e.g. 'key=value,...'
   --timeout value         set time limit for command
```

### gcpConsole

```shell
NAME:
   sdm admin clouds clone gcpConsole - clone GCP Web Console (Workforce Identity Federation) cloud

USAGE:
   sdm admin clouds clone gcpConsole [command options] <ID>

OPTIONS:
   --bind-interface value                       bind interface (default: "127.0.0.1")
   --delete-all-tags
   --delete-tags value                          delete-tags e.g. 'key,...'
   --egress-filter value                        apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
   --http-subdomain value                       This will be used as your local DNS address. (e.g. app-prod1 would turn into http://app-prod1.<your-org-name>.sdm.network/)
   --identity-alias-healthcheck-username value
   --identity-set-id value
   --identity-set-name value                    set the identity set by name
   --name value                                 datasource name
   --port-override value                        port profile override (default: -1)
   --proxy-cluster-id value                     proxy cluster id
   --session-expiry-seconds value               The length of time in seconds console sessions will live before needing to reauthenticate. (default: 0)
   --tags value                                 tags e.g. 'key=value,...'
   --timeout value                              set time limit for command
   --workforce-pool-id value                    The ID of the Workforce Identity Pool in GCP to use for federated SAML authentication.
   --workforce-provider-id value                The ID of the Workforce Identity Provider in GCP to use for federated SAML authentication.
```

### gcpWIF

```shell
NAME:
   sdm admin clouds clone gcpWIF - clone GCP CLI/SDK (Workforce Identity Federation) cloud

USAGE:
   sdm admin clouds clone gcpWIF [command options] <ID>

OPTIONS:
   --bind-interface value                       bind interface (default: "127.0.0.1")
   --delete-all-tags
   --delete-tags value                          delete-tags e.g. 'key,...'
   --egress-filter value                        apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
   --identity-alias-healthcheck-username value
   --identity-set-id value
   --identity-set-name value                    set the identity set by name
   --name value                                 datasource name
   --port-override value                        port profile override (default: -1)
   --project-id value                           When specified, all project scoped requests will use this Project ID
   --proxy-cluster-id value                     proxy cluster id
   --scopes value                               Space separated scopes that this login should assume into when authenticating
   --session-expiry-seconds value               The length of time in seconds console sessions will live before needing to reauthenticate. (default: 0)
   --subdomain value, --bind-subdomain value                            DNS subdomain through which this resource may be accessed on clients (e.g. "app-prod" allows the resource to be accessed as "app-prod.<your-org-name>.<sdm-proxy-domain>"). Only applicable to HTTP-based resources or resources using virtual networking mode.
   --tags value                                 tags e.g. 'key=value,...'
   --timeout value                              set time limit for command
   --workforce-pool-id value                    The ID of the Workforce Identity Pool in GCP to use for federated SAML authentication.
   --workforce-provider-id value                The ID of the Workforce Identity Provider in GCP to use for federated SAML authentication.
```

### oktaGroups

```shell
NAME:
   sdm admin clouds clone oktaGroups - clone Okta Groups cloud

USAGE:
   sdm admin clouds clone oktaGroups [command options] <ID>

OPTIONS:
   --delete-all-tags
   --delete-tags value        delete-tags e.g. 'key,...'
   --discovery-enabled        Enable discovery for the Okta organization.
   --domain value             the Org Client URL or the Okta Domain Name
   --egress-filter value      apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
   --group-names value        Enter one or more group names to match. Use commas to separate multiple names. Supports wildcards (e.g., Admin*). Only groups with matching names will be discovered.
   --identity-set-id value
   --identity-set-name value  set the identity set by name
   --name value               datasource name
   --privilege-levels value   comma separated list of Okta Group Names
   --proxy-cluster-id value   proxy cluster id
   --tags value               tags e.g. 'key=value,...'
   --timeout value            set time limit for command
```

### snowsight

```shell
NAME:
   sdm admin clouds clone snowsight - clone Snowsight (Snowflake Web Console) cloud

USAGE:
   sdm admin clouds clone snowsight [command options] <ID>

OPTIONS:
   --bind-interface value        bind interface (default: "127.0.0.1")
   --delete-all-tags             
   --delete-tags value           delete-tags e.g. 'key,...'
   --egress-filter value         apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
   --healthcheck_username value  The StrongDM user email to use for healthchecks
   --name value                  datasource name
   --no-use-https                Client connections will use HTTPS instead of HTTP (disable)
   --port-override value         port profile override (default: -1)
   --saml-metadata value         The Metadata for your snowflake IDP integration (secret)
   --subdomain value, --bind-subdomain value             
   --tags value                  tags e.g. 'key=value,...'
   --timeout value               set time limit for command
```


