
Refactor role policies, and create multiple "aws_ssoadmin_customer_managed_policy_attachment" statements.

Open ep-93 opened this issue 11 months ago • 0 comments

User Story

As a mod platform user
When new permissions are requested, adding them to a role saturated in permissions hits a limit, so they need to be split
So that we can continue to add permissions and manage them in a better fashion.

Value / Purpose

We can manage permissions in our roles correctly.

Useful Contacts

Edd Proctor

Additional Information

Step 1 - Review our roles and policy attachments. Are there any that could be reduced, so that we have less to manage? Could some be built up of pre-existing ones? Please see this doc:

https://docs.google.com/document/d/1vYCAtQpHgBBSMXgs7--uTwV7idt3cI3HRTZ1kKrZMCQ/edit?usp=sharing

We are going with option 1, but the graph might help you on this step.

Step 2 - Attach multiple customer policies to a role, as shown in step 2. The easiest step will be to have the common statements attached to each role as another statement, so they can be taken out of our other policy statements.

Please check plans, and think of any impact to users, test in sprinkler.

Definition of Done

  • [ ] Documentation has been written / updated on roles / policies
  • [ ] Informed users of the change.
  • [ ] Another team member has reviewed
  • [ ] Test changes in sprinkler
  • [ ] Deployed

ep-93 avatar Mar 19 '24 08:03 ep-93
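
An added Terraform example of Step 2 (not code from this issue or from the modernisation-platform repository): the shared statements live in one "common" customer managed policy, and each role gets one `aws_ssoadmin_customer_managed_policy_attachment` per policy name. The role name `developer` and the policy names `common_policy` and `developer_policy` are hypothetical.

```hcl
# Added example. All role and policy names here are hypothetical placeholders.
data "aws_ssoadmin_instances" "this" {}

locals {
  sso_instance_arn = tolist(data.aws_ssoadmin_instances.this.arns)[0]

  # Customer managed policies attached to each permission set (role).
  # The common statements sit in "common_policy", which every role lists,
  # so they can be removed from the role-specific policies.
  role_policies = {
    developer = ["common_policy", "developer_policy"]
  }

  # Flatten to one entry per (role, policy) pair so for_each can create
  # a separate attachment resource for each.
  attachments = merge([
    for role, policies in local.role_policies : {
      for policy in policies : "${role}/${policy}" => {
        role   = role
        policy = policy
      }
    }
  ]...)
}

resource "aws_ssoadmin_permission_set" "role" {
  for_each     = local.role_policies
  name         = each.key
  instance_arn = local.sso_instance_arn
}

resource "aws_ssoadmin_customer_managed_policy_attachment" "role" {
  for_each           = local.attachments
  instance_arn       = local.sso_instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.role[each.value.role].arn

  # Referenced by name and path only: an IAM policy with this exact name
  # and path must already exist in every account the permission set is
  # provisioned to, otherwise provisioning fails for that account.
  customer_managed_policy_reference {
    name = each.value.policy
    path = "/"
  }
}
```

Because each attachment is keyed by `role/policy`, moving a statement into the common policy shows up in the plan as a policy content change rather than a permission set replacement, which makes the plan easier to check for user impact.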