sdm admin clouds add
Last modified on November 7, 2024
NAME:
sdm admin clouds add - add one or more clouds
USAGE:
sdm admin clouds add command [command options] [arguments...]
COMMANDS:
aws create AWS cloud
awsConsole create AWS Management Console cloud
awsConsoleStaticKeyPair create AWS Management Console (Static key pair) cloud
awsinstanceprofile create AWS (Instance Profile) cloud
azure create Azure (Password) cloud
azurecert create Azure (Certificate) cloud
gcp create GCP cloud
snowsight create Snowsight (Snowflake Web Console) cloud
OPTIONS:
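--file value, -f value load from a JSON file
--stdin, -i load from stdin (like --file, this keeps values for options marked "secret" out of command-line arguments, which can be recorded in shell history and shown in process listings)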
--timeout value set time limit for command
--help, -h show help
aws
NAME:
sdm admin clouds add aws - create AWS cloud
USAGE:
sdm admin clouds add aws [command options] <name>
OPTIONS:
--access-key-id value (required, secret)
--bind-interface value bind interface (default: "127.0.0.1")
--egress-filter value apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
--healthcheck-region value The AWS region that healthcheck requests should attempt to connect to. (required)
--port-override value port profile override (default: -1)
--role-arn value The role to assume after logging in. (secret)
--role-external-id value (secret)
--secret-access-key value (required, secret)
--secret-store-id value secret store id
--subdomain value This will be used as your local DNS address. (e.g. app-prod1 would turn into app-prod1.<your-org-name>.sdm.network)
--tags value tags e.g. 'key=value,...'
--template, -t display a JSON template
--timeout value set time limit for command
awsConsole
NAME:
sdm admin clouds add awsConsole - create AWS Management Console cloud
USAGE:
sdm admin clouds add awsConsole [command options] <name>
OPTIONS:
--bind-interface value bind interface (default: "127.0.0.1")
--egress-filter value apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
--enable-environment-variables Prefer environment variables for authenticating the connection, even if EC2 roles are configured.
--http-subdomain value This will be used as your local DNS address. (e.g. app-prod1 would turn into http://app-prod1.<your-org-name>.sdm.network/) (required)
--port-override value port profile override (default: -1)
--region value The AWS region to connect to. (required)
--role-arn value The role to assume after logging in. (required, secret)
--role-external-id value (secret)
--secret-store-id value secret store id
--session-expiry-seconds value The length of time in seconds AWS console sessions will live before needing to reauthenticate. (default: 0)
--tags value tags e.g. 'key=value,...'
--template, -t display a JSON template
--timeout value set time limit for command
awsConsoleStaticKeyPair
NAME:
sdm admin clouds add awsConsoleStaticKeyPair - create AWS Management Console (Static key pair) cloud
USAGE:
sdm admin clouds add awsConsoleStaticKeyPair [command options] <name>
OPTIONS:
--access-key-id value (required, secret)
--bind-interface value bind interface (default: "127.0.0.1")
--egress-filter value apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
--http-subdomain value This will be used as your local DNS address. (e.g. app-prod1 would turn into http://app-prod1.<your-org-name>.sdm.network/) (required)
--port-override value port profile override (default: -1)
--region value The AWS region to connect to. (required)
--role-arn value The role to assume after logging in. (required, secret)
--role-external-id value (secret)
--secret-access-key value (required, secret)
--secret-store-id value secret store id
--session-expiry-seconds value The length of time in seconds AWS console sessions will live before needing to reauthenticate. (default: 0)
--tags value tags e.g. 'key=value,...'
--template, -t display a JSON template
--timeout value set time limit for command
awsinstanceprofile
NAME:
sdm admin clouds add awsinstanceprofile - create AWS (Instance Profile) cloud
USAGE:
sdm admin clouds add awsinstanceprofile [command options] <name>
OPTIONS:
--bind-interface value bind interface (default: "127.0.0.1")
--egress-filter value apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
--enable-environment-variables Prefer environment variables for authenticating the connection, even if EC2 roles are configured.
--port-override value port profile override (default: -1)
--region value The AWS region to connect to. (required)
--role-arn value The role to assume after logging in. (secret)
--role-external-id value (secret)
--secret-store-id value secret store id
--subdomain value This will be used as your local DNS address. (e.g. app-prod1 would turn into app-prod1.<your-org-name>.sdm.network)
--tags value tags e.g. 'key=value,...'
--template, -t display a JSON template
--timeout value set time limit for command
azure
NAME:
sdm admin clouds add azure - create Azure (Password) cloud
USAGE:
sdm admin clouds add azure [command options] <name>
OPTIONS:
--app-id value the application ID to authenticate with (required, secret)
--bind-interface value bind interface (default: "127.0.0.1")
--egress-filter value apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
--password value service principal password (required, secret)
--port-override value port profile override (default: -1)
--secret-store-id value secret store id
--subdomain value This will be used as your local DNS address. (e.g. app-prod1 would turn into app-prod1.<your-org-name>.sdm.network)
--tags value tags e.g. 'key=value,...'
--template, -t display a JSON template
--tenant-id value the tenant ID to authenticate to (required, secret)
--timeout value set time limit for command
azurecert
NAME:
sdm admin clouds add azurecert - create Azure (Certificate) cloud
USAGE:
sdm admin clouds add azurecert [command options] <name>
OPTIONS:
--app-id value the application ID to authenticate with (required, secret)
--bind-interface value bind interface (default: "127.0.0.1")
--certificate value service principal certificate file containing both the private and public key (required, secret)
--egress-filter value apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
--port-override value port profile override (default: -1)
--secret-store-id value secret store id
--subdomain value This will be used as your local DNS address. (e.g. app-prod1 would turn into app-prod1.<your-org-name>.sdm.network)
--tags value tags e.g. 'key=value,...'
--template, -t display a JSON template
--tenant-id value the tenant ID to authenticate to (required, secret)
--timeout value set time limit for command
gcp
NAME:
sdm admin clouds add gcp - create GCP cloud
USAGE:
sdm admin clouds add gcp [command options] <name>
OPTIONS:
--bind-interface value bind interface (default: "127.0.0.1")
--egress-filter value apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
--port-override value port profile override (default: -1)
--scopes value Space-separated scopes that this login should assume when authenticating (required)
--secret-store-id value secret store id
--subdomain value This will be used as your local DNS address. (e.g. app-prod1 would turn into app-prod1.<your-org-name>.sdm.network)
--svc-keyfile value The service account keyfile to authenticate with (required, secret)
--tags value tags e.g. 'key=value,...'
--template, -t display a JSON template
--timeout value set time limit for command
snowsight
NAME:
sdm admin clouds add snowsight - create Snowsight (Snowflake Web Console) cloud
USAGE:
sdm admin clouds add snowsight [command options] <name>
OPTIONS:
--bind-interface value bind interface (default: "127.0.0.1")
--egress-filter value apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
--healthcheck_username value The StrongDM user email to use for healthchecks (required)
--port-override value port profile override (default: -1)
--saml-metadata value The metadata for your Snowflake IdP integration (required, secret)
--secret-store-id value secret store id
--subdomain value (required)
--tags value tags e.g. 'key=value,...'
--template, -t display a JSON template
--timeout value set time limit for command
--tls-required sdm must use TLS to connect