In this step, either Security or Cloud Administrators will onboard a limited set of initial builders who will have access to their team development environments. The outcome is that a small team of builders knows how to start using their team development AWS accounts, where to find basic usage documentation, and who to contact for support.
This step should take about 60 minutes to complete.
Work with your cross-functional colleagues in Security, Compliance, and Finance to assemble the basic form of a getting started document and share it with the members of the initial builder teams so that they understand the fundamentals of their responsibilities, access permissions, and how to access and begin using their team development AWS accounts.
See the Example Getting Started Guide for Builder Team Members as a recommended starting point.
Create a new group in AWS SSO for each of the builder teams and associate those groups with an initial set of permissions and their respective team development AWS accounts.
management account.
Management console associated with the AWSAdministratorAccess role.
AWS SSO.
Groups in AWS SSO.
Create group.
example with your organization’s identifier:
example-dev-infra
example-dev-<team identifier>
Dev - Foundation
Dev - <team identifier>
Create.
Next, enable each team development group to access the associated team development AWS account.
AWS accounts in AWS SSO.
dev-infra
dev-<team identifier>
Assign users.
Groups.
example-dev-infra
example-dev-<team identifier>
Next: Permission sets.
example-dev-infra-team.
Finish.
Repeat the process above to address all of the initial team development groups and AWS accounts.
Now that you’ve established the two team development groups in AWS SSO and granted those groups permissions to access their respective team development AWS accounts, your next step is to create a user in AWS SSO for each builder team member.
Users in AWS SSO.
Add user.
Next: Groups.
example-dev-<team identifier> or similar.
Add user.
Repeat these steps for each builder team user.
Since you’ve already created users in AWS SSO for foundation team members, all you need to do at this stage is add the foundation team member users to the newly created foundation team development group in AWS SSO.
Groups in AWS SSO.
example-dev-infra.
Add users.
Add users.
The foundation team members now have access to the foundation team development AWS account.
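Once the groups, account assignments, and users above are in place, the result can be checked against the naming convention this guide uses (group example-dev-<team identifier> on account dev-<team identifier>). The following is an added example, not part of the original guide: it audits records shaped like the output of `aws sso-admin list-account-assignments`. The team identifier "web", all IDs, the placeholder ARN, and the `allowed_groups` allowlist are assumptions made for illustration.

```python
# Added example (not from the original guide). All IDs and records are constructed.
ORG = "example"  # organization identifier used in the guide's group names

def expected_account(group_name, org=ORG):
    """Map example-dev-<team> to dev-<team>; None for any other group name."""
    prefix = f"{org}-dev-"
    if group_name.startswith(prefix) and len(group_name) > len(prefix):
        return "dev-" + group_name[len(prefix):]
    return None

def audit(assignments, groups, accounts, org=ORG, allowed_groups=frozenset()):
    """Return (finding, account, principal) tuples for assignments on team
    development accounts that do not follow the group-per-team convention.
    assignments: entries shaped like AccountAssignments from
                 `aws sso-admin list-account-assignments`, merged across accounts
    groups:      GroupId -> DisplayName; accounts: account ID -> account name
    allowed_groups: hypothetical allowlist, e.g. an administrators group
    """
    findings = []
    for a in assignments:
        account = accounts.get(a["AccountId"], "<unknown>")
        if not account.startswith("dev-"):
            continue  # only team development accounts are in scope here
        if a["PrincipalType"] != "GROUP":
            findings.append(("direct-user-assignment", account, a["PrincipalId"]))
            continue
        group = groups.get(a["PrincipalId"], "<unknown>")
        if group in allowed_groups:
            continue
        if expected_account(group, org) != account:
            findings.append(("group-account-mismatch", account, group))
    return findings

# Constructed sample data; "web" is a hypothetical team identifier.
ACCOUNTS = {"111111111111": "dev-infra", "222222222222": "dev-web"}
GROUPS = {"g-infra": "example-dev-infra", "g-web": "example-dev-web"}
PSET = "arn:aws:sso:::permissionSet/ssoins-EXAMPLE/ps-EXAMPLE"  # placeholder ARN

def _row(account_id, ptype, pid):
    return {"AccountId": account_id, "PermissionSetArn": PSET,
            "PrincipalType": ptype, "PrincipalId": pid}

SAMPLE = [
    _row("111111111111", "GROUP", "g-infra"),  # follows the convention
    _row("222222222222", "GROUP", "g-web"),    # follows the convention
    _row("111111111111", "GROUP", "g-web"),    # web team on the infra account
    _row("222222222222", "USER", "u-alice"),   # user assigned without a group
]
```

Calling `audit(SAMPLE, GROUPS, ACCOUNTS)` returns the two assignments that need review: the web team group on the dev-infra account and the user assigned directly rather than through a group.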
Meet with the builder team members to brief them on their access and other topics covered in the Example Getting Started Guide for Builder Team Members.