AWS Console Access
New joiners to the Cloud Platform team will need AWS Console access for most things. IAM resources (users, groups, roles, etc.) are managed by terraform, so new users are nothing more than new resources in terraform.
Related repositories:
Steps to create/delete users
1) Check the user is in the webops GitHub team, which authorizes access to this AWS account.
2) Create a git branch and add (or delete) the user as terraform code. Do not forget to link the user to a group.
3) Run terraform plan in cloud-platform-infrastructure/terraform/cloud-platform-account/ to verify you’re happy with the terraform changes.
4) Create the PR, ask the team to review it, and merge it.
5) Create a release.
6) In the infrastructure repo, edit the terraform config that calls that module, to use the new release - see example
7) Create the PR, ask the team to review it, and merge it.
8) Apply the changes.
9) Verify the user is created. (You can use AWS Console for this.)
10) Tell them they can log in here: https://aws-login.cloud-platform.service.justice.gov.uk
Activating MFA for new users
Unfortunately, terraform can’t activate MFA for users. This process must be done manually, either through the AWS Console (UI) or through the AWS CLI.
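Because MFA activation is a manual step, a newly created user can be left with a console password and no MFA. The following is an added example, not part of the team's own tooling: it reads an IAM credential report and lists console users whose MFA is not active. It assumes the report was fetched with aws iam generate-credential-report followed by aws iam get-credential-report and base64-decoded to CSV; the sample rows, user names and account id are constructed.

```python
import csv
import io
import sys

# Constructed sample in the IAM credential report CSV layout (subset of
# columns). User names and the account id are made up for illustration.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,mfa_active,access_key_1_active
<root_account>,arn:aws:iam::111122223333:root,2018-01-01T00:00:00+00:00,not_supported,true,false
alice,arn:aws:iam::111122223333:user/alice,2023-03-01T09:00:00+00:00,true,true,false
bob,arn:aws:iam::111122223333:user/bob,2024-05-10T09:00:00+00:00,true,false,false
ci-bot,arn:aws:iam::111122223333:user/ci-bot,2022-07-01T09:00:00+00:00,false,false,true
"""

REQUIRED = ("user", "password_enabled", "mfa_active")


def users_missing_mfa(report_csv):
    """Return sorted names of users with a console password but no active MFA."""
    reader = csv.DictReader(io.StringIO(report_csv))
    absent = [c for c in REQUIRED if c not in (reader.fieldnames or [])]
    if absent:
        raise ValueError(f"not a credential report, missing columns: {absent}")
    missing = []
    for row in reader:
        # Users without a password cannot sign in to the console; the root
        # row reports "not_supported" in this column and is skipped as well.
        if (row["password_enabled"] or "").strip().lower() != "true":
            continue
        if (row["mfa_active"] or "").strip().lower() != "true":
            missing.append(row["user"])
    return sorted(missing)


if __name__ == "__main__":
    # Assumption: argv[1] is a decoded report file; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], newline="") as fh:
            text = fh.read()
    else:
        text = SAMPLE_REPORT
    flagged = users_missing_mfa(text)
    for name in flagged:
        print(f"MFA not active: {name}")
    sys.exit(1 if flagged else 0)
```

The script exits non-zero when any console user lacks MFA, so it can be run after step 9 as a follow-up check.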