
User console IAM in AWS

Open Ardiea opened this issue 2 years ago • 1 comment

As a DevOps team member, I'd like to manage user console access permissions (IAM) via code rather than making changes by hand in IAM.

A couple of things:

  1. Simplify it. Maybe just reduce it down to a global ReadOnly policy and then upgrade things from there.
  2. Any permissions beyond read only should use custom policies whenever possible so that they are least access.
  3. Figure out who uses it and who does not.
  4. Use groups. Attach policies to groups and then put users in groups.

Much of the user access could probably be relegated to Vault, with devs obtaining short-lived credentials from there that they can use for API access (which is what most people actually need, probably). There is still a use case for password login to the console, though, so this issue focuses on cleaning that up.

Designs and Mockups

Acceptance Criteria:

  • [ ] An IAM solution that is code based.

Out of Scope

  • Not going to do

Ardiea avatar Nov 30 '22 15:11 Ardiea
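An added example, not code from this issue or from the ol-infrastructure repository: plain Python that models the four points above as data (a global ReadOnly baseline attached to every group, custom least-access policies layered on top, users attached to groups rather than to policies, and a check for users that belong to no group) and lints the custom policies for wildcard grants before the plan would be handed to whatever IaC tool applies it. The AWS-managed `ReadOnlyAccess` policy ARN and the `2012-10-17` policy version are real; the group names, bucket name, policy names and user names are constructed for the example.

```python
"""Added example (not the ol-infrastructure project's code): IAM console
access as code -- read-only baseline, custom least-access policies, groups,
and a lint pass that rejects wildcard grants in the custom policies."""
import json

# Real AWS-managed policy; everything else below is a constructed sample.
READ_ONLY_ARN = "arn:aws:iam::aws:policy/ReadOnlyAccess"


def custom_policy(name, statements):
    """Wrap a list of IAM statements in a policy document."""
    return {
        "name": name,
        "document": {"Version": "2012-10-17", "Statement": statements},
    }


# Hypothetical groups: every group carries the global ReadOnly baseline, and
# only groups that need more get a narrowly scoped custom policy.
GROUPS = {
    "devops-readonly": {
        "managed": [READ_ONLY_ARN],
        "custom": [],
        "users": ["alice"],
    },
    "devops-deploy": {
        "managed": [READ_ONLY_ARN],
        "custom": [
            custom_policy("deploy-bucket-write", [{
                "Effect": "Allow",
                "Action": ["s3:PutObject", "s3:DeleteObject"],
                "Resource": "arn:aws:s3:::example-deploy-bucket/*",
            }])
        ],
        "users": ["bob"],
    },
}


def _as_list(value):
    """IAM allows a bare string or a list for Action/Resource; normalise."""
    return [value] if isinstance(value, str) else list(value or [])


def lint_policy(document):
    """Return findings for Allow statements broader than least access:
    a wildcard action ("*" or "service:*") or a wildcard resource."""
    findings = []
    for i, stmt in enumerate(document["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _as_list(stmt.get("Action")):
            if action == "*" or action.endswith(":*"):
                findings.append(f"statement {i}: wildcard action {action!r}")
        for resource in _as_list(stmt.get("Resource")):
            if resource == "*":
                findings.append(f"statement {i}: wildcard resource")
    return findings


def lint_groups(groups):
    """Map group name -> lint findings across its custom policies.
    An empty dict means every custom policy passed."""
    result = {}
    for gname, group in groups.items():
        for policy in group["custom"]:
            for finding in lint_policy(policy["document"]):
                result.setdefault(gname, []).append(f"{policy['name']}: {finding}")
    return result


def users_without_group(groups, all_users):
    """Point 3 of the issue: users who are in no group are candidates
    for removal (or for a Vault-issued short-lived credential instead)."""
    in_group = {u for g in groups.values() for u in g["users"]}
    return sorted(set(all_users) - in_group)


def render(groups):
    """Emit the plan as JSON for review or for feeding an IaC tool."""
    return json.dumps(groups, indent=2, sort_keys=True)


if __name__ == "__main__":
    problems = lint_groups(GROUPS)
    if problems:
        raise SystemExit(f"wildcard grants found: {problems}")
    print(render(GROUPS))
```

The lint step is the part worth keeping in CI: a custom policy that slips in `s3:*` on `Resource: "*"` is no longer least access, and catching it at review time is cheaper than auditing IAM by hand later.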

Does this issue dovetail with https://github.com/mitodl/ol-infrastructure/issues/1816 at all? Is that issue dependent on this one?

feoh avatar Nov 20 '23 21:11 feoh