TTS-wide AWS Account Adminstration

This repository contains AWS cross-account management for the Technology Transform Service (TTS) and is managed by the TTS Technology Portfolio within the General Services Administration.

Jump account: 133032889584

Setup

1. Set up AWS credentials for jump account.

2. Install Terraform.

3. Clone this repository.

4. Set up Terraform.

   cd aws-admin/terraform
   terraform init

5. Confirm the AWS connection works.

   terraform plan

Cross-account access

Based on these steps.

From the Console

1. Log in to the jump account using IAM
2. Use the Switch role URL from the AWS accounts list

More info.

Locally

Terraform will generate an AWS config file.

1. Run the following from this directory (the -target part is optional):

   terraform apply -target=local_file.aws_config

2. Copy the config file.

   mkdir -p ~/.aws
   cp aws_config.ini ~/.aws/config

3. Use the named profiles with the AWS CLI or other tools.

Budgets

Budgets are listed by business unit in two places:

• The AWS accounts spreadsheet
• AWS Systems Manager Parameter Store

To add a new one:

1. Sign into the payer account
2. Go to the Parameter Store
3. Create a parameter
   1. For Name, use /tts/aws-budget/<BUSINESS UNIT>
      • Make <BUSINESS UNIT> lower-case, alphanumeric, with hyphens
   2. For Value, enter the monthly budget as an integer
4. Mimic use of the business_unit module

Parameter Store is used to keep the values private.