Scenarios

Basil Vandegriend edited this page Aug 23, 2022 · 1 revision

Julius granting access to FOM

Julius, as a user, has been granted the FAM_Administer_FOM role in FAM, so he can use FAM to grant users access to FOM-specific roles. FAM has been configured with FOM as an application with two roles - FOM_Ministry and FOM_Submitter. FOM_Submitter is flagged as requiring a forest client to be specified.

Julius wants to grant a user access to submit to FOM. He selects the FOM application, then selects the FOM Submitter role, then selects the user and selects the forest client (by ID + Name) for 00001011. The backend creates an association between that user and the FOM_Submitter role specific to the forest client 00001011.

When this user goes to access FOM, FOM contacts FAM's identity provider (Cognito), which, after user login, dispatches to FAM to determine access. FAM constructs the JWT access token to specify something like roles { FOM_Submitter { forest_clients: { '00001011' } } }. FOM then decrypts and parses the token to manage access based on this information.
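The scoped-role check described above, as an added example that is not FAM or FOM code. The claim layout follows the "something like" shape in the text; the HMAC-SHA256 signature with a constructed key is an assumption standing in for the identity provider's signing so the example runs on the standard library alone, and all function names are hypothetical.

```python
import base64, hashlib, hmac, json

# Constructed demo key; stands in for the identity provider's signing key.
KEY = b"constructed-demo-key"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> bytes:
    return hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest()

def issue_token(user: str, roles: dict) -> str:
    """FAM side: carry the role-to-forest-client associations in the token."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps({"sub": user, "roles": roles}).encode())
    signature = b64url(sign(header + "." + body))
    return header + "." + body + "." + signature

def verified_claims(token: str) -> dict:
    """FOM side: return claims only if the algorithm and signature check out."""
    try:
        header, body, signature = token.split(".")
        if json.loads(unb64url(header)).get("alg") != "HS256":
            raise ValueError("unexpected alg")  # rejects 'none' and other algs
        if not hmac.compare_digest(sign(header + "." + body), unb64url(signature)):
            raise ValueError("bad signature")
        return json.loads(unb64url(body))
    except (ValueError, TypeError, AttributeError) as exc:
        raise PermissionError(f"token rejected: {exc}") from None

def may_submit(token: str, forest_client: str) -> bool:
    """FOM_Submitter is scoped: holding the role is not enough, the
    requested forest client must be one the role was granted for."""
    try:
        roles = verified_claims(token).get("roles", {})
    except PermissionError:
        return False
    scoped = roles.get("FOM_Submitter")
    return isinstance(scoped, dict) and forest_client in scoped.get("forest_clients", [])

if __name__ == "__main__":
    token = issue_token("demo-user", {"FOM_Submitter": {"forest_clients": ["00001011"]}})
    print(may_submit(token, "00001011"), may_submit(token, "00001012"))
```

Cognito signs its tokens with RS256 and publishes the public keys per user pool, so a deployed check would verify against those keys instead of a shared secret.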
