Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

馃摉 Remove admins and unused users from Quicksight in AP-prod #4385

Closed
2 tasks
michaeljcollinsuk opened this issue May 22, 2024 · 4 comments
Closed
2 tasks

馃摉 Remove admins and unused users from Quicksight in AP-prod #4385

michaeljcollinsuk opened this issue May 22, 2024 · 4 comments
Assignees
@michaeljcollinsuk
Labels
story

Comments

@michaeljcollinsuk
Copy link
Contributor

User Story

As a AP admin
I want to reduce the number of admins in Quicksight
So that only AP admins have admin access

Value / Purpose

There are a lot of users in Quicksight (in ap-prod account) that have admin permissions. Only AP admins should have admin access, AP users should either be readers or authors. This will stop unexpected changes being made in the account.

There are also a lot of users that area no longer active, and should be reduced entirely. This will reduce overhead and costs.

Useful Contacts

No response

User Types

No response

Hypothesis

No response

Proposal

  1. Change all admins to authors
  2. Identify and remove inactive users

Additional Information

No response

Definition of Done

  • Admins changed to authors
  • Inactive users removed
@michaeljcollinsuk michaeljcollinsuk self-assigned this Jun 4, 2024
@michaeljcollinsuk
Copy link
Contributor Author

Some quick numbers on users in the account:

  1. 38 admins (some of these are us), 22 have not been active in 2024.
  2. 29 authors, 17 have not been active in 2024.
  3. 395 readers. but 323 have not been active in 2024.

@michaeljcollinsuk
Copy link
Contributor Author

Plan:

  1. Demote all admins to authors
  2. Delete readers not active since before 2024
  3. Remaining inactive authors:
    i. Check if they have any resources
    ii. If they have no resources, delete them
    iii. If they have resources, identify the resources and decide next steps

@michaeljcollinsuk
Copy link
Contributor Author

michaeljcollinsuk commented Jun 6, 2024
edited

PR that implements a script to delete users ministryofjustice/analytics-platform-control-panel#1301

The AWS quicksight API does not return details of a users last activity/login, so I had to pull the usernames from the Quicksight UI and parse them into a csv file.

@michaeljcollinsuk
Copy link
Contributor Author

  • Deleted inactive users
  • Inactive admins were deleted, with resources transferred to AWSReservedSSO_AdministratorAccess_48361bdb022cb721/julialawrence@digital.justice.gov.uk user
  • Downgraded non-team member admins to authors - the below were not able to downgrade:
username: mi-alpha/oselle.opus@digital.justice.gov.uk
email: oselle.opus@digital.justice.gov.uk

username: arn:aws:ds:eu-west-1:593291632749:federated/iam/AROAYUIXP4BW2EJ7X7ZLB:andrew.lightfoot@digital.justice.gov.uk
email: analytics-platform-tech@digital.justice.gov.uk

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@michaeljcollinsuk michaeljcollinsuk

Labels
story
Projects
Analytical Platform
Status: 馃帀 Done
Milestone
No milestone
Development

No branches or pull requests
1 participant
@michaeljcollinsuk