Permalink
Fetching contributors…
Cannot retrieve contributors at this time
87 lines (58 sloc) 3.21 KB
owner_slack title section layout parent last_reviewed_on review_in old_paths
#govuk-2ndline
Set up your AWS account
AWS accounts
manual_layout
/manual.html
2018-09-03
6 months
/manual/user-management-in-aws.html

To work with govuk-aws and govuk-aws-data, you will require an account in AWS.

1. Request a GDS AWS account

GDS maintains a central account for AWS access. You will need to request an account from the Technology and Operations team.

πŸ‘‰ Request an account

2. Sign in to AWS

To sign in, go to the GDS AWS Sign page, and use the following credentials:

  • "Account ID or alias": gds-users
  • Username: your @digital.cabinet-office.gov.uk email address
  • Password: your password

πŸ‘‰ Sign in to AWS GDS account

3. Set up your MFA

You have to set up Multi-Factor Authentication (MFA).

  1. Sign in to AWS GDS account
  2. Select or go to IAM service.
  3. Click on "Users" in the menu bar on the left hand side
  4. Enter your name
  5. Click on the link for your email address
  6. Click on the security credentials tab
  7. Click on the "Manage" link next to "Assigned MFA device"
  8. Follow the steps to set up your MFA device

Changing your MFA device

Follow steps 1 - 7 in Set up your MFA. Then:

  1. Choose one of the two options (Remove or Resync)
  2. Click on the "Manage" link next to "Assigned MFA device"
  3. Follow the steps to set up your MFA device

4. Get the appropriate access

An account in AWS doesn't give you access to anything, you'll need to be given rights.

Add yourself to a lists of users found in the data for the infra-security project. There are 3 groups:

  • govuk-administrators: people in Reliability Engineering who are working on GOV.UK infrastructure, Architects and Lead Developers of GOV.UK and anyone else working on the AWS migration
  • govuk-powerusers: anyone else who can have production access on GOV.UK
  • govuk-platformhealth-powerusers: as above but for members of the GOV.UK Platform Health team
  • govuk-users: anyone else who needs integration access on GOV.UK

The identifier you need to add is called the "User ARN". You can find this by going to the users page in AWS IAM and selecting your profile.

arn:aws:iam::<account-id>:user/<firstname.lastname>@digital.cabinet-office.gov.uk

After your PR has been merged, someone from the govuk-administrators group needs to deploy the infra-security project.

πŸ‘‰ Deploy AWS infrastructure with Terraform

5. Do your thing πŸš€

You can now:

πŸ‘‰ Access the AWS console

πŸ‘‰ Use AWS on the command line