Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
1 parent 1ea1f5a, commit 25048fd
Showing 1 changed file with 31 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
# AWS Root Account Working Group | ||
|
||
Due to overlapping responsibility of the AWS root accounts processes (mainly with Operations Engineering and Modernisation Platform) there currently exists an AWS Working Group consisting of engineers from both teams. | ||
|
||
The working group is to ensure that processes surrounding the AWS Root account are visible and the steps to complete these processes are documented, discussed and eventually refined to minimise the requirement of higher-level permissions to enact day-to-day business processes. | ||
|
||
The members of the working group with permission to undertake the following documented processes can be found in the GitHub Team [aws-root-account-admin-team](https://github.com/orgs/ministryofjustice/teams/aws-root-account-admin-team). Members also openly discuss changes in Slack at [#aws-root-account](https://mojdt.slack.com/archives/C06P4KA0V0A) | ||
|
||
Ideally, all processes will become the responsibility of either Operations Engineering or Modernisation Platform - but for the moment, both teams are responsible via the working group. | ||
|
||
Below is a list of processes championed by the working group. | ||
|
||
## Run GitHub to AWS SCIM Job Manually | ||
|
||
### Process | ||
|
||
- SSO into the MoJ master account as an Administrator. | ||
- Navigate to the "Lambda" service. | ||
- Change your Region is set to eu-west2 (London). | ||
- Navigate to the "Functions" on the sidebar. | ||
- Select `aws-sso-scim-github`. | ||
- Select the `Test` tab. | ||
- Select `Create new event`. | ||
- Enter any name for the `Event name` such as `RunJobManually`. | ||
- Enter a blank JSON object for the test data i.e. `{}`. | ||
- Press the `Test` button, this will trigger the SCIM job. | ||
- After a couple of minutes, the job should complete and display the logs of the run. You can use the logs to confirm which users have been added to which team if the request to run the job manually came from an individual. | ||
|
||
### Issues With the Current Process | ||
|
||
- Uses full admin access (excessive privileges) |
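Review bot: The region step in the Process list, "Change your Region is set to eu-west2 (London)", is ungrammatical and misspells the region code. The London region is `eu-west-2`, so suggest "Ensure your Region is set to eu-west-2 (London)". The Slack sentence in the introduction is also missing its closing full stop. Under "Issues With the Current Process", the single bullet names the excessive privilege but gives no intended direction. Consider recording the target state next to it, for example a dedicated role limited to invoking `aws-sso-scim-github`, so the issue can be tracked to closure rather than only noted.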