Configuration

anycloud uses credentials for cloud provider access. Credentials are stored locally on your machine, encrypted at rest, and never sent to any external service. SSH keys are generated locally on each deployment.

You can optionally define reusable deployment profiles in anycloud.yaml — but most options can be passed directly as CLI flags or SDK parameters.

Credentials

Create credentials by passing provider-specific flags (all credential values also accept an environment-variable fallback):

# AWS
anycloud credentials new prod-aws --provider aws \
  --access-key-id AKIA... --secret-access-key ...

# Azure
anycloud credentials new prod-azure --provider azure \
  --application-id ... --secret ... \
  --subscription-id ... --directory-id ...

# GCP (inline values)
anycloud credentials new prod-gcp --provider gcp \
  --project-id my-proj --client-email sa@my-proj.iam.gserviceaccount.com \
  --private-key "$(cat /path/to/sa.json | jq -r .private_key)"

# Lambda Labs
anycloud credentials new prod-lambda --provider lambda --api-key ...

You can have multiple credentials for different accounts.

anycloud credentials list             # View configured credentials
anycloud credentials edit <name>      # Update fields on existing credentials
anycloud credentials delete <name>    # Remove credentials

On a terminal, run anycloud credentials new <name> with no provider flags (or anycloud credentials new with no name at all) to launch an interactive wizard instead. It can:

read an existing local profile — an AWS profile from ~/.aws/credentials, or a GCP service-account key / ADC;
provision a brand-new least-privilege IAM user / service principal / service account by calling your local aws / az / gcloud CLI;
or accept pasted values.

Azure has no "read from local CLI" option — its CLI session is user-auth, not a service-principal secret — so the Azure wizard offers only "generate a new service principal" or "paste an existing one".

Deployment Profiles (Optional)

If you run the same configuration repeatedly, save it as a reusable profile in anycloud.yaml in your project directory:

dev:
  credentialsName: my-aws
  region: us-west-2
  vmType: t3.medium

gpu-training:
  credentialsName: my-aws
  gpuType: h100
  spot: true

prod-gpu:
  credentialsName: my-aws
  region: us-east-1
  vmType: g4dn.xlarge
  spot: true
  diskSizeGb: 100
  inputBucket: training-data
  outputBucket: results

# Ordered fallback pool: try h100, then a100, then l40s.
# Each entry is expanded into the regions where it's available; the
# scheduler picks the cheapest unblocked target and falls over on
# quota / capacity errors.
gpu-fallback:
  credentialsName: my-aws
  gpuType:
    - h100:8
    - a100:8
    - l40s:8
  spot: true

Profile Fields

Field	Description
`credentialsName`	Which credentials to use (required), or an ordered fallback list. See Fallback Credentials
`region`	Cloud region (e.g., `us-west-2`). Optional — omit to auto-select the cheapest available region
`gpuType`	GPU type with optional count (e.g., `h100`, `a100:8`), or an ordered fallback list. Mutually exclusive with `vmType`
`vmType`	VM instance type (e.g., `t3.medium`, `Standard_D2s_v5`, `n1-standard-2`), or an ordered fallback list
`spot`	Use spot/preemptible instances (`true`/`false`)
`diskSizeGb`	OS disk size in GB
`availabilityZone`	Specific zone (Azure: `1`,`2`,`3` / GCP: `a`,`b`,`c`)
`inputBucket`	Cloud bucket for read-only input data
`outputBucket`	Cloud bucket for job outputs
`inputStorageCredentialsName`	Credentials for input bucket (defaults to `credentialsName`)
`inputStorageRegion`	Region for input bucket storage (required with cross-cloud input credentials)
`outputStorageCredentialsName`	Credentials for output bucket (defaults to `credentialsName`)
`outputStorageRegion`	Region for output bucket storage (required with cross-cloud output credentials)

Input and output storage are configured independently. If you omit inputStorageCredentialsName or outputStorageCredentialsName, that bucket uses the compute credentials — even when the other bucket's storage credentials are set.

To author a fallback list interactively, run anycloud config new <name> and use the multi-select picker (Space to mark, Enter to confirm — selection order is the fallback order). To edit an existing profile, anycloud config edit <name> --vm-type <a> --vm-type <b> (and --gpu-type likewise) is repeatable; passing the flag once collapses to a scalar in the YAML.

These map to CloudConfig parameters in the Python SDK. See CloudConfig Parameters.

The CLI also supports anycloud.json as an alternative format, but YAML is preferred.

For details on GPU type vs VM type and config variants, see CloudConfig Internals.

Managing Profiles

# Create a profile (all fields as flags)
anycloud config new gpu-small \
  --credentials prod-aws --region us-east-1 --vm-type g5.xlarge

anycloud config list              # View all profiles
anycloud config edit <name>       # Update fields on a profile
anycloud config remove <name>     # Delete a profile

note

The Python SDK's @anycloud.function() decorator accepts configuration inline via CloudConfig and decorator parameters. See Python SDK — Function Decorator and CloudConfig Parameters.

Credentials​

Deployment Profiles (Optional)​

Profile Fields​

Managing Profiles​

Credentials

Deployment Profiles (Optional)

Profile Fields

Managing Profiles