
Create Adding and Managing IAM Permissions to Users to Wiki #79

Closed
3 of 8 tasks
JasonEb opened this issue Sep 27, 2023 · 3 comments

@JasonEb
Contributor

JasonEb commented Sep 27, 2023

Overview

As an Ops member, I'd like to have documentation that shows how to apply permissions and manage user groups within AWS IAM so I can have an online reference.

Documentation should feature screenshots like seen in the Ops Wiki.

Action Items

  • Clarify process between Adding Permissions and Adding to User Groups
  • Update wiki
    • Should go under AWS User Management
    • Should have its heading like "Adding Permissions"
    • Should cover and provide an explanation of what an AWS Managed Policy vs Inline
    • Should have a remark about when to
      • add a user to a user group
      • when to add permissions directly to a user group or create a new user group for certain permissions

Resources/Instructions

https://github.com/hackforla/ops/wiki/AWS-User-Management

https://docs.aws.amazon.com/IAM/latest/UserGuide/introduction_access-management.html

@Tyson-miller
Member

It'd be great if this can be done alongside (or after) this issue to investigate automating IAM users with terraform.

JasonEb changed the title from "Update Wiki for onboarding new users to aws admin" to "Create Adding and Managing IAM Permissions to Users" on Oct 26, 2023

JasonEb changed the title from "Create Adding and Managing IAM Permissions to Users" to "Create Adding and Managing IAM Permissions to Users to Wiki" on Oct 26, 2023

robinglov mentioned this issue on Jan 17, 2024

@ExperimentsInHonesty
Member

ExperimentsInHonesty commented Apr 8, 2024

This issue seems to have been worked on but not finished. It details a process that we are no longer doing, since we are now adding users via terraform. Should the page https://github.com/hackforla/ops/wiki/AWS-User-Management be removed from the wiki, and do you think this page replaces that: https://github.com/hackforla/ops/wiki/Permission-levels-for-Team-Members?

@chelseybeck
Member

chelseybeck commented Aug 8, 2024

Everything in this issue has been resolved. The https://github.com/hackforla/ops/wiki/AWS-User-Management page has been deleted.

Previous page contents

For reference on IAM users, go down to "Creating IAM Users" to follow step-by-step instructions from Amazon's documentation on how to create a user.

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html#id_users_create_console

(Note: To add a user, either the team lead or the correct administrative user will need to grant you access to HackForLA's AWS incubator platform).

To add a user via IAM

  1. Please go to: https://hfla-incubator.signin.aws.amazon.com/console and sign in to the console homepage.

  2. Once you have arrived, please either type in IAM in the search bar at the top left or click on the IAM under "Recently visited" per below.

  3. Once you have arrived at the IAM home screen, click on "User" under "Access Management".

  4. Click on "Add Users" at the top right of the screen.

  5. Enter the name of the user and be sure to click on the checkbox "Provide user access to the AWS Management Console" in order to create a password for the user to use. Autogenerate the password and allow the check box for users to create a new password when signing in.
    (NOTE: The name of the user should be in the format of "lastname"."firstname")

  6. From here, click on the preferred permission settings for the user and click next.

    (Note: When adding a new user, it is best practice to add the user to the user group ops-group, since read-only access is applied to this group.)

  7. Review the new user and click "Create user".

  8. The user will be created. From here, you will have to send the password to the user by clicking the "show" button.

    (Note: The "Email sign-in instructions" is utilized using Outlook or any type of email service you have on your local machine and it is recommended to send the password via Slack)

  9. Once everything is complete, click on "return to users list" and click on the user that you have just created.

  10. On the user summary page, click on "tags".

  11. Click on "manage tag" and click on "Add new tag" to add in the user's email address and click on save changes.

    (Note: You will need to get the user's email address from Google Share Drive as well as their Slack ID and what project the user is currently on.)

Security Recommendations:

  1. Do not use root account for creating a user. The root user credentials should not be used for daily tasks.
  2. Grant the ReadOnlyAccess policy to every newly created user. Set a baseline privilege as the ReadOnly Access during onboarding process. Add additional permissions regarding user’s role in the company after discussing user’s responsibilities within the company.
  3. Do Not allow user to self-manage tags. Do Not allow user to add a tag while managing tags.
  4. Use autogenerated password when creating a new user.
  5. Require MFA for additional security (Authy app).
  6. Regularly review users and remove unused users and permissions.
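
A check for recommendations 1, 5 and 6 above, as an added example that is not part of the original issue or the Hack for LA wiki: it audits a CSV in the IAM credential report layout for recent root sign-ins, console users without MFA, and stale users. The sample rows, account ID, user names, reason codes and the 30-day and 90-day thresholds are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample in the IAM credential report CSV layout (subset of its columns).
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,mfa_active
<root_account>,arn:aws:iam::111122223333:root,2020-01-01T00:00:00+00:00,not_supported,2024-07-30T10:00:00+00:00,true
doe.jane,arn:aws:iam::111122223333:user/doe.jane,2023-09-01T00:00:00+00:00,true,2024-08-01T09:00:00+00:00,true
roe.sam,arn:aws:iam::111122223333:user/roe.sam,2023-10-01T00:00:00+00:00,true,2024-07-20T09:00:00+00:00,false
poe.alex,arn:aws:iam::111122223333:user/poe.alex,2023-01-15T00:00:00+00:00,true,2024-01-05T09:00:00+00:00,true
new.user,arn:aws:iam::111122223333:user/new.user,2024-08-05T00:00:00+00:00,true,no_information,false
"""
NOW = datetime(2024, 8, 8, tzinfo=timezone.utc)  # fixed "today" for the sample


def parse_ts(value):
    """Return an aware datetime, or None for N/A, no_information, not_supported."""
    try:
        return datetime.fromisoformat(value)
    except ValueError:
        return None


def audit(report_csv, now, stale_days=90, root_days=30):
    """Return (user, reason) findings; thresholds are assumed, not AWS defaults."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        user = row["user"]
        last_login = parse_ts(row["password_last_used"])
        if user == "<root_account>":
            # Recommendation 1: root should not be used for daily tasks.
            if last_login and now - last_login < timedelta(days=root_days):
                findings.append((user, "root_signin"))
            continue
        if row["password_enabled"] != "true":
            continue  # no console password; access keys are out of scope here
        if row["mfa_active"] != "true":
            findings.append((user, "no_mfa"))  # recommendation 5
        # A user who never signed in is aged from their creation time instead.
        last_seen = last_login or parse_ts(row["user_creation_time"])
        if last_seen and now - last_seen > timedelta(days=stale_days):
            findings.append((user, "stale"))  # recommendation 6
    return findings


if __name__ == "__main__":
    for user, reason in audit(SAMPLE_REPORT, NOW):
        print(f"{user}: {reason}")
```
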
