sdm admin clouds clone
Last modified on July 9, 2025
NAME:
sdm admin clouds clone - create a new cloud using an existing cloud as a template
USAGE:
sdm admin clouds clone command [command options] [arguments...]
COMMANDS:
aws clone AWS cloud
awsConsole clone AWS Management Console cloud
awsConsoleStaticKeyPair clone AWS Management Console (Static key pair) cloud
awsinstanceprofile clone AWS (Instance Profile) cloud
azure clone Azure (Password) cloud
azurecert clone Azure (Certificate) cloud
gcp clone GCP CLI/SDK (Service Account) cloud
gcpConsole clone GCP Web Console (Workforce Identity Federation) cloud
gcpWIF clone GCP CLI/SDK (Workforce Identity Federation) cloud
snowsight clone Snowsight (Snowflake Web Console) cloud
OPTIONS:
--help, -h show help
aws
NAME:
sdm admin clouds clone aws - clone AWS cloud
USAGE:
sdm admin clouds clone aws [command options] <ID>
OPTIONS:
--access-key-id value (secret)
--bind-interface value bind interface (default: "127.0.0.1")
--delete-all-tags
--delete-tags value delete-tags e.g. 'key,...'
--egress-filter value apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
--healthcheck-region value Enter the AWS region healthcheck requests should attempt to connect to.
--name value datasource name
--port-override value port profile override (default: -1)
--role-arn value The role to assume after logging in. (secret)
--role-external-id value (secret)
--secret-access-key value (secret)
--subdomain value This will be used as your local DNS address. (e.g. app-prod1 would turn into app-prod1.<your-org-name>.sdm.network)
--tags value tags e.g. 'key=value,...'
--timeout value set time limit for command
awsConsole
NAME:
sdm admin clouds clone awsConsole - clone AWS Management Console cloud
USAGE:
sdm admin clouds clone awsConsole [command options] <ID>
OPTIONS:
--bind-interface value bind interface (default: "127.0.0.1")
--delete-all-tags
--delete-tags value delete-tags e.g. 'key,...'
--egress-filter value apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
--enable-environment-variables Prefer environment variables to authenticate connection even if EC2 roles are configured.
--http-subdomain value This will be used as your local DNS address. (e.g. app-prod1 would turn into http://app-prod1.<your-org-name>.sdm.network/)
--name value datasource name
--port-override value port profile override (default: -1)
--region value The AWS region to connect to.
--role-arn value The role to assume after logging in. (secret)
--role-external-id value (secret)
--session-expiry-seconds value The length of time in seconds AWS console sessions will live before needing to reauthenticate. (default: 0)
--tags value tags e.g. 'key=value,...'
--timeout value set time limit for command
awsConsoleStaticKeyPair
NAME:
sdm admin clouds clone awsConsoleStaticKeyPair - clone AWS Management Console (Static key pair) cloud
USAGE:
sdm admin clouds clone awsConsoleStaticKeyPair [command options] <ID>
OPTIONS:
--access-key-id value (secret)
--bind-interface value bind interface (default: "127.0.0.1")
--delete-all-tags
--delete-tags value delete-tags e.g. 'key,...'
--egress-filter value apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
--http-subdomain value This will be used as your local DNS address. (e.g. app-prod1 would turn into http://app-prod1.<your-org-name>.sdm.network/)
--name value datasource name
--port-override value port profile override (default: -1)
--region value The AWS region to connect to.
--role-arn value The role to assume after logging in. (secret)
--role-external-id value (secret)
--secret-access-key value (secret)
--session-expiry-seconds value The length of time in seconds AWS console sessions will live before needing to reauthenticate. (default: 0)
--tags value tags e.g. 'key=value,...'
--timeout value set time limit for command
awsinstanceprofile
NAME:
sdm admin clouds clone awsinstanceprofile - clone AWS (Instance Profile) cloud
USAGE:
sdm admin clouds clone awsinstanceprofile [command options] <ID>
OPTIONS:
--bind-interface value bind interface (default: "127.0.0.1")
--delete-all-tags
--delete-tags value delete-tags e.g. 'key,...'
--egress-filter value apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
--enable-environment-variables Prefer environment variables to authenticate connection even if EC2 roles are configured.
--name value datasource name
--port-override value port profile override (default: -1)
--region value The AWS region to connect to.
--role-arn value The role to assume after logging in. (secret)
--role-external-id value (secret)
--subdomain value This will be used as your local DNS address. (e.g. app-prod1 would turn into app-prod1.<your-org-name>.sdm.network)
--tags value tags e.g. 'key=value,...'
--timeout value set time limit for command
azure
NAME:
sdm admin clouds clone azure - clone Azure (Password) cloud
USAGE:
sdm admin clouds clone azure [command options] <ID>
OPTIONS:
--app-id value the application ID to authenticate with (secret)
--bind-interface value bind interface (default: "127.0.0.1")
--delete-all-tags
--delete-tags value delete-tags e.g. 'key,...'
--egress-filter value apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
--name value datasource name
--password value service principal password (secret)
--port-override value port profile override (default: -1)
--subdomain value This will be used as your local DNS address. (e.g. app-prod1 would turn into app-prod1.<your-org-name>.sdm.network)
--tags value tags e.g. 'key=value,...'
--tenant-id value the tenant ID to authenticate to (secret)
--timeout value set time limit for command
azurecert
NAME:
sdm admin clouds clone azurecert - clone Azure (Certificate) cloud
USAGE:
sdm admin clouds clone azurecert [command options] <ID>
OPTIONS:
--app-id value the application ID to authenticate with (secret)
--bind-interface value bind interface (default: "127.0.0.1")
--certificate value service Principal certificate file, both private and public key (secret)
--delete-all-tags
--delete-tags value delete-tags e.g. 'key,...'
--egress-filter value apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
--name value datasource name
--port-override value port profile override (default: -1)
--subdomain value This will be used as your local DNS address. (e.g. app-prod1 would turn into app-prod1.<your-org-name>.sdm.network)
--tags value tags e.g. 'key=value,...'
--tenant-id value the tenant ID to authenticate to (secret)
--timeout value set time limit for command
gcp
NAME:
sdm admin clouds clone gcp - clone GCP CLI/SDK (Service Account) cloud
USAGE:
sdm admin clouds clone gcp [command options] <ID>
OPTIONS:
--bind-interface value bind interface (default: "127.0.0.1")
--delete-all-tags
--delete-tags value delete-tags e.g. 'key,...'
--egress-filter value apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
--name value datasource name
--port-override value port profile override (default: -1)
--scopes value Space separated scopes that this login should assume into when authenticating
--subdomain value This will be used as your local DNS address. (e.g. app-prod1 would turn into app-prod1.<your-org-name>.sdm.network)
--svc-keyfile value The service account keyfile to authenticate with (secret)
--tags value tags e.g. 'key=value,...'
--timeout value set time limit for command
gcpConsole
NAME:
sdm admin clouds clone gcpConsole - clone GCP Web Console (Workforce Identity Federation) cloud
USAGE:
sdm admin clouds clone gcpConsole [command options] <ID>
OPTIONS:
--bind-interface value bind interface (default: "127.0.0.1")
--delete-all-tags
--delete-tags value delete-tags e.g. 'key,...'
--egress-filter value apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
--http-subdomain value This will be used as your local DNS address. (e.g. app-prod1 would turn into http://app-prod1.<your-org-name>.sdm.network/)
--identity-alias-healthcheck-username value
--identity-set-id value
--identity-set-name value set the identity set by name
--name value datasource name
--port-override value port profile override (default: -1)
--proxy-cluster-id value proxy cluster id
--session-expiry-seconds value The length of time in seconds console sessions will live before needing to reauthenticate. (default: 0)
--tags value tags e.g. 'key=value,...'
--timeout value set time limit for command
--workforce-pool-id value The ID of the Workforce Identity Pool in GCP to use for federated SAML authentication.
--workforce-provider-id value The ID of the Workforce Identity Provider in GCP to use for federated SAML authentication.
gcpWIF
NAME:
sdm admin clouds clone gcpWIF - clone GCP CLI/SDK (Workforce Identity Federation) cloud
USAGE:
sdm admin clouds clone gcpWIF [command options] <ID>
OPTIONS:
--bind-interface value bind interface (default: "127.0.0.1")
--delete-all-tags
--delete-tags value delete-tags e.g. 'key,...'
--egress-filter value apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
--identity-alias-healthcheck-username value
--identity-set-id value
--identity-set-name value set the identity set by name
--name value datasource name
--port-override value port profile override (default: -1)
--project-id value When specified, all project scoped requests will use this Project ID
--proxy-cluster-id value proxy cluster id
--scopes value Space separated scopes that this login should assume into when authenticating
--session-expiry-seconds value The length of time in seconds console sessions will live before needing to reauthenticate. (default: 0)
--subdomain value This will be used as your local DNS address. (e.g. app-prod1 would turn into app-prod1.<your-org-name>.sdm.network)
--tags value tags e.g. 'key=value,...'
--timeout value set time limit for command
--workforce-pool-id value The ID of the Workforce Identity Pool in GCP to use for federated SAML authentication.
--workforce-provider-id value The ID of the Workforce Identity Provider in GCP to use for federated SAML authentication.
snowsight
NAME:
sdm admin clouds clone snowsight - clone Snowsight (Snowflake Web Console) cloud
USAGE:
sdm admin clouds clone snowsight [command options] <ID>
OPTIONS:
--bind-interface value bind interface (default: "127.0.0.1")
--delete-all-tags
--delete-tags value delete-tags e.g. 'key,...'
--egress-filter value apply filter to select egress nodes e.g. 'field:name tag:key=value ...'
--healthcheck_username value The StrongDM user email to use for healthchecks
--name value datasource name
--port-override value port profile override (default: -1)
--saml-metadata value The Metadata for your snowflake IDP integration (secret)
--subdomain value
--tags value tags e.g. 'key=value,...'
--timeout value set time limit for command
--tls-required sdm must use TLS to connect