Skip to main content

YJAF AWS IAM Account Creation

This process covers the creation of IAM accounts for the YJAF AWS account.

This is a semi-automated process. New users are managed in Terraform, however, user credentials are issued manually.

Add users to code

  1. Create a module for the new user in users.tf.

Example (replace FirstnameSurname with actual user details): module "FirstnameSurname" { source = "../modules/user" username = "FirstnameSurname" tags = local.tags } 2. Add users new username (that you created in step 1) to appropriate list in env_config depending on level of access required.

Example: i2n_devops_members = [ "FirstnameSurname", ] This would add the new user FirstnameSurname to the i2n_devops_members group and allow them specifc permissions. All permissions and policies can be found elsewhere in this repository.

  1. Raise a PR.

  2. On merging the PR an automated Terraform Apply will run.

After the apply has finished successfully you can access the AWS account to get the users login details for the next steps.

Issue login details

  1. Use AWS SSO to access the Youth Justice Framework Management account.

  2. Access the IAM console.

  3. Go to the Users section.

  4. Click on the new user who was created via Terraform in the previous steps.

  5. Navigate to the Security credentials tab.

  6. Click on the Enable console access button.

  7. On the next sectionm select Auto generated password and ensure the User must create new password at next sign-in box is checked. Then click on the Enable console access button to save and move on.

  8. The next screen contains the login url, username and password. Make a note of these and provide these details to the new users via email.

Example email: “` Hi Firstname,

Please see below for your new Youth Justice AWS console login details:

Console URL: https://yjaf-mgmt.signin.aws.amazon.com/console

Username: FirstnameSurname

Password: **************

You will be asked to set a new password on first login.

You will also need to set up 2FA on the account. Please ensure the device name is identical to your Username i.e. FirstnameSurname.

Any issues please let me know. ”`

  1. Send email to users with new console login details.
This page was last reviewed on 7 January 2025. It needs to be reviewed again on 7 April 2025 by the page owner #operations-engineering-alerts .