Review Note: This section is an early draft and undergoing reviewing and editing.
In this step either Security or Cloud Administrators will onboard your team members who will be granted access to administer your initial workloads in your test and production environments.
This step should take about 30 minutes to complete.
Work with your cross-functional colleagues in Security, Compliance, and Finance to assemble the basic form of a getting started document and share it with the members of the initial builder teams so that they understand the fundamentals of their responsibilities, access permissions, and how to access and begin using their test and production workloads AWS accounts.
Create a new group in AWS SSO for each of the groups of people would need administrative access to manage your initial workloads. Associate these groups with an initial set of permissions and the respective test and production workloads AWS accounts.
Initially, you might need only a single workload administrator group.
Management consoleassociated with the
Groupsin AWS SSO.
examplewith your organization’s identifier:
<workload identifier> Administrators
Next, enable each workload administrator group to access the associated test and production workloads AWS accounts.
AWS accountsin AWS SSO.
example-<workload>-admingroup you created in step 1.
Next: Permission sets.
This assumes you’ve already created users in AWS SSO for team members who will administer the workload, or alternatively you’ve migrated to a federated access model. If this is not the case, you can create new users by following the process documented earlier in this guide.
Groupsin AWS SSO.
The team members will now have access to the workload-specific test and production workloads AWS accounts.
Meet with the team members who have been granted access to brief them on their access and their responsibilities.