[Platformone] Switch over to new AWS RBAC
Mark Nissley
mnissley at redhat.com
Thu Dec 19 15:02:02 UTC 2019
Team -
There is some urgency to switch over to the new AWS RBAC model. While this
holds some risk, it is necessary and must be done as soon as possible. We
will not initiate this action until AFTER the meeting with Nic tomorrow in
which we will review the IATT package. If significant and immediate actions
come out of that we will reevaluate the RBAC timeline.
In the meantime, please take a few minutes to review the notes and actions
below from Adrian, who is leading that effort:
*"Unfortunately the state of the AWS Account and Users are going to require
me to disable accounts and have people call me to set their new account
up. There are a lot of users without an MFA, never logged in, no point of
contact email, no tags, and I think some users are no longer on the
program. *
*What we can do is leave Jonny and Chris *[Chris is on PTO so I'd propose
Dino in this spot as he will be working over the break]* with full admin
temporarily in case there is something needed by the Platform1 team in the
short term. I can also set a target date of 3 Jan to remove their full
admin privileges. As full admins they will be able to utilize any AWS
service needed by the Platform1 Team. I would ask them to not change
anything in IAM as far as the RBAC is concerned. If the Platform1 team
needs access to a specific AWS service I can review and possibly change
their permissions in the RBAC policies."*
PLEASE NOTE: this will require action from everyone to set up a new account.
Mark NISSLEY, PMP, CSM, LEAN
PROGRAM MaNAGER & SR technical Project Manager
North American Consulting, Public Sector
<https://www.redhat.com/>
M: 850-530-3234
<https://www.redhat.com/>
*Scheduled PTO: Dec 23 - Jan 03*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/platformone/attachments/20191219/8b8bd3e7/attachment.htm>
More information about the platformONE
mailing list