Review Note: This section is an early draft and is undergoing review and editing.
In this step, either Security or Cloud Administrators onboard the team members who will be granted access to administer your initial workloads in your test and production environments.
This step should take about 30 minutes to complete.
Work with your cross-functional colleagues in Security, Compliance, and Finance to assemble the basic form of a getting started document. Share it with the members of the initial builder teams so that they understand the fundamentals of their responsibilities, their access permissions, and how to access and begin using their test and production workloads AWS accounts.
Create a new group in AWS SSO for each group of people who need administrative access to manage your initial workloads. Associate these groups with an initial set of permissions and the respective test and production workloads AWS accounts.
Initially, you might need only a single workload administrator group.
management account.
Management console associated with the AWSAdministratorAccess role.
AWS SSO.
Groups in AWS SSO.
Create group.
example with your organization’s identifier: example-<workload_id>-admin
<workload identifier> Administrators
Create.
Next, enable each workload administrator group to access the associated test and production workloads AWS accounts.
AWS accounts in AWS SSO.
<workload>-test
<workload>-prod
Assign users.
Groups.
example-<workload>-admin group you created in step 1.
Next: Permission sets.
example-<workload>-admin-team.
Finish.
This assumes you’ve already created users in AWS SSO for team members who will administer the workload, or alternatively you’ve migrated to a federated access model. If this is not the case, you can create new users by following the process documented earlier in this guide.
Groups in AWS SSO.
example-<workload>-admin.
Add users.
Add users.
The team members will now have access to the workload-specific test and production workloads AWS accounts.
Meet with the team members who have been granted access to brief them on their access and their responsibilities.
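Once the groups are assigned, the result can be checked against the naming convention used in the steps above: each workload administrator group should hold only its own permission set on its own test and production accounts. The following is an added example, not part of the original guide. It assumes the account assignments have already been exported and resolved to group, account, and permission set names; the workload names `billing` and `orders` and the sample rows are constructed.

```python
"""Audit workload admin group assignments against the guide's naming convention."""

ENVIRONMENTS = ("test", "prod")


def expected_assignments(org, workload):
    """Assignments the guide's steps produce for one workload."""
    group = f"{org}-{workload}-admin"
    permission_set = f"{org}-{workload}-admin-team"
    return {(group, f"{workload}-{env}", permission_set) for env in ENVIRONMENTS}


def audit(org, workloads, observed):
    """Return sorted findings: assignments that are missing, and workload admin
    groups holding access outside their own test/prod accounts or permission set."""
    expected = set()
    for workload in workloads:
        expected |= expected_assignments(org, workload)
    admin_groups = {group for group, _, _ in expected}
    seen = {(r["group"], r["account"], r["permission_set"]) for r in observed}
    findings = [("MISSING",) + row for row in expected - seen]
    findings += [("UNEXPECTED",) + row for row in seen - expected
                 if row[0] in admin_groups]
    return sorted(findings)


# Constructed sample rows (assumption: already resolved from IDs to names).
# The orders group lacks orders-prod and was wrongly given billing-prod.
OBSERVED = [
    {"group": "example-billing-admin", "account": "billing-test",
     "permission_set": "example-billing-admin-team"},
    {"group": "example-billing-admin", "account": "billing-prod",
     "permission_set": "example-billing-admin-team"},
    {"group": "example-orders-admin", "account": "orders-test",
     "permission_set": "example-orders-admin-team"},
    {"group": "example-orders-admin", "account": "billing-prod",
     "permission_set": "example-billing-admin-team"},
]

if __name__ == "__main__":
    for finding in audit("example", ["billing", "orders"], OBSERVED):
        print(*finding)
```

An empty result means every listed workload has exactly the assignments the steps describe and no administrator group reaches another workload's accounts.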