
AWS Console Access

New joiners to the Cloud Platform team will need AWS Console access for most things. IAM resources (users, groups, roles, etc.) are managed by terraform, so a new user is nothing more than a new resource in terraform.

Related repositories:

Steps to create/delete users

1) Check the user is in the webops GitHub team, which authorizes access to this AWS account.

2) Create a git branch and add (or delete) the user as terraform code. Do not forget to link the user to a group.

3) Run terraform plan in cloud-platform-infrastructure/terraform/cloud-platform-account/ and verify you’re happy with the terraform changes.

4) Create the PR, ask the team to review it, and merge it.

5) Create a release.

6) In the infrastructure repo, edit the terraform config that calls that module, to use the new release - see example

7) Create the PR, ask the team to review it, and merge it.

8) Let the apply-cloud-platform pipeline apply the changes.

9) Verify the user is created. (You can use AWS Console for this.)

10) Tell them they can log in here: https://aws-login.cloud-platform.service.justice.gov.uk

Activating MFA for new users

Unfortunately, terraform can’t activate MFA for users; this must be done manually, either through the AWS Console (UI) or through the AWS CLI.
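
Because the MFA step is manual, it is easy to leave a freshly created user without it. One way to confirm step 9 and track MFA status, as an added example rather than code from the Cloud Platform repositories: it reads an IAM credential report (the CSV returned by `aws iam get-credential-report`) and reports whether a user exists and has MFA active. The usernames, account ID and report rows are constructed sample data.

```python
import csv
import io

# Constructed sample, trimmed to the columns this check reads. A real report
# is produced by `aws iam generate-credential-report` and fetched with
# `aws iam get-credential-report` (the Content field is base64-encoded CSV).
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,mfa_active
<root_account>,arn:aws:iam::111122223333:root,2019-01-01T00:00:00+00:00,not_supported,true
alice,arn:aws:iam::111122223333:user/alice,2021-05-10T09:00:00+00:00,true,false
bob,arn:aws:iam::111122223333:user/bob,2020-03-02T09:00:00+00:00,true,true
ci-deployer,arn:aws:iam::111122223333:user/ci-deployer,2020-03-02T09:00:00+00:00,false,false
"""

REQUIRED = ("user", "mfa_active")


def parse_report(text):
    """Parse credential-report CSV into a list of dict rows."""
    reader = csv.DictReader(io.StringIO(text))
    missing = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"credential report lacks columns: {missing}")
    return list(reader)


def check_new_user(text, username):
    """Return 'missing', 'mfa-pending' or 'ok' for one user."""
    for row in parse_report(text):
        if row["user"] == username:
            return "ok" if row["mfa_active"] == "true" else "mfa-pending"
    return "missing"


def users_without_mfa(text):
    """List every user in the report whose mfa_active is not 'true'."""
    return sorted(r["user"] for r in parse_report(text)
                  if r["mfa_active"] != "true")


if __name__ == "__main__":
    for name in ("alice", "bob", "carol"):
        print(f"{name}: {check_new_user(SAMPLE_REPORT, name)}")
    print("MFA still to activate:", ", ".join(users_without_mfa(SAMPLE_REPORT)))
```

A credential report can be up to four hours old, so a user created by a very recent pipeline run may show as missing until a new report is generated.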

This page was last reviewed on 11 May 2021. It needs to be reviewed again on 11 August 2021 by the page owner #cloud-platform.