Cloud CLI

The Cloud CLI extension runs cloud-provider CLIs (AWS, Azure, GCP, Okta, etc.) as D&R response actions. Use it to take action in a cloud service when a LimaCharlie detection fires — for example, disable an Okta user, isolate an EC2 instance, or revoke a GitHub token directly from a rule.

It uses each platform's native CLI under the hood, so anything the CLI can do is available as an automated response.

When to use Cloud CLI vs API Integrations

• Cloud CLI — write actions into an external service (run a command, change state).
• API Integrations — read from an external service for enrichment (look up reputation, geolocation, etc.).

Most setups end up using both: API integrations enrich detections with context, Cloud CLI acts on them.

Supported Platforms

• 1Password
• AWS
• Azure
• DigitalOcean
• GitHub
• Google Cloud
• Microsoft 365
• Okta
• SDM
• Sublime
• Tailscale
• Vultr

See Also

• Extensions Overview
• Using Extensions
• API Integrations