...

Access to the Development Slack

Subject to change: we might create a new Slack workspace under a Waterloo Rocketry email in the future.

The Development Slack is a free Slack workspace that is used to test the development deployment of Minerva. You can join it by either:

...

  • AWSAdmin - Only to be given to the Software Lead and highly trusted developers. Attaches the AdministratorAccess permission policy to users, which grants access to everything (except billing). This includes the ability to view all the secrets that Minerva uses in plain text. This should also be the only role that can create new user accounts.

  • AWSUser - Gives full access to services such as Lambda, EventBridge, API Gateway, S3, and CloudFormation. Only to be given to trusted users who actually need direct write access to AWS infrastructure, which is likely no one, as changes can be made through the CDK stack in a much more transparent way.

  • AWSUser_ReadOnly - The default group to assign to new users. Gives read-only access to all the necessary services.

...

Creating new AWS user accounts

  1. Navigate to the “create user” page in IAM

  2. Enter a user name for the account. Make it something straightforward, like the individual’s WatIAM ID (e.g. cwijesek)

  3. Check the “Provide user access to the AWS Management Console” box, check the “I want to create an IAM user” radio button (we’re not using AWS Identity Center…for now), and click “next”.

  4. Select the User group that you want the user to be a part of. In almost all cases, this is just the AWSUser_ReadOnly group. Click “next”.

  5. Verify that all the configurations are correct and if so, click on the “Create user” button.

  6. Send the listed user name and console password to the individual that you are creating the account for. Note that the password provided is temporary and on the user’s first login they will be prompted to change it.
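The console steps above correspond to three IAM CLI calls. The script below is an added example, not part of the original page or the team's tooling: it only prints the commands for review, defaults to the AWSUser_ReadOnly group, and refuses the broader groups without an explicit opt-in. The `ALLOW_ELEVATED` and `TEMP_PW` variables and the user-name character rule are assumptions made for this example.

```shell
#!/bin/sh
# Added example: CLI plan for the "Creating new AWS user accounts" steps.
# Group names come from this page; variable names are assumptions.

DEFAULT_GROUP="AWSUser_ReadOnly"

# Succeed only for the three groups this page defines.
valid_group() {
    case "$1" in
        AWSAdmin|AWSUser|AWSUser_ReadOnly) return 0 ;;
        *) return 1 ;;
    esac
}

# Print (never execute) the commands that create one console user.
# $1 = user name, e.g. a WatIAM ID; $2 = group, defaults to read-only.
plan_new_user() {
    user=$1
    group=${2:-$DEFAULT_GROUP}
    # Assumed rule: lowercase letters and digits only, so the name is
    # "straightforward" and safe to splice into a command line.
    case "$user" in
        ''|*[!a-z0-9]*) echo "invalid user name: $user" >&2; return 2 ;;
    esac
    valid_group "$group" || { echo "unknown group: $group" >&2; return 2; }
    # Anything broader than read-only needs a deliberate opt-in.
    if [ "$group" != "$DEFAULT_GROUP" ] && [ "${ALLOW_ELEVATED:-0}" != "1" ]; then
        echo "refusing $group without ALLOW_ELEVATED=1" >&2
        return 3
    fi
    printf '%s\n' "aws iam create-user --user-name $user"
    # --password-reset-required forces the change-on-first-login
    # behaviour described in step 6. TEMP_PW is read from the
    # environment when the plan is run, so the temporary password
    # never appears in the printed plan.
    printf '%s\n' "aws iam create-login-profile --user-name $user --password \"\$TEMP_PW\" --password-reset-required"
    printf '%s\n' "aws iam add-user-to-group --user-name $user --group-name $group"
}
```

To apply a reviewed plan, export `TEMP_PW` and pipe the output of `plan_new_user cwijesek` to `sh` from a session that has permission to create users.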

(Optional) Access to the Development Google Account

Access to the Development Google Account is only on a must-need basis. It owns the Development Google Calendar and (eventually) the Development Slack workspace.

Credentials can be obtained by messaging the Software Lead and providing a valid use case. If approved, you will be invited to a private Slack channel that will contain the email and password to the account.

If asked for a verification method (e.g. send my recovery phone/email a verification code), opt to send it to the recovery email.