|
| 1 | +--- |
| 2 | +owner_slack: "#govuk-platform-engineering" |
| 3 | +title: Obtain approval before using the fulladmin role on AWS |
| 4 | +section: Infrastructure |
| 5 | +layout: manual_layout |
| 6 | +parent: "/manual.html" |
| 7 | +--- |
| 8 | + |
| 9 | +> ⚠️ To keep GOV.UK secure, use the least privileged role possible. |
| 10 | +> |
| 11 | +
|
| 12 | +Privileged roles such as fulladmin are very powerful. In general, we use [infrastructure as code](https://www.github.com/alphagov/govuk-infrastructure) to configure our systems, and should use privileged roles only when there is no alternative. |
| 13 | + |
| 14 | +When it is required, get a second person to confirm that the access is appropriate. |
| 15 | + |
| 16 | +## Privileged access approval process (AKA cyber thumb) |
| 17 | + |
| 18 | +1. Find a person who is happy to approve that your access is required. |
| 19 | + |
| 20 | +1. Find the ID of the AWS account you'll be accessing. One way of doing this is by running `gds aws govuk-<environment>-developer -d` from a terminal. |
| 21 | + |
| 22 | +1. Go to the [#cyber-security-notifications Slack channel](https://app.slack.com/client/T8GT9416G/C01V4PPNNUF) and click on the green "Action Notification" button to start the workflow. |
| 23 | + |
| 24 | +1. Write a brief summary of your expected activity, add [the account ID](https://docs.google.com/spreadsheets/d/1c3SoA94floYAwxcf8T_zC2i7z82qk28UgbEhr7FLRx4/edit?usp=sharing) and select the person to approve the action. |
| 25 | + |
| 26 | +1. Submit the form. |
| 27 | + |
| 28 | +1. Once the approver has confirmed that it is expected (you should see an update to the Slack channel) you are free to use your privileged role. |
| 29 | + |
| 30 | +## I made a mistake/put the wrong ID in/accessed using the wrong role |
| 31 | + |
| 32 | +As soon as you realise, let your tech lead or a lead from your area know. Fill in the form as above. |
| 33 | + |
| 34 | +You/they will get a follow-up from someone in senior tech if the monitoring has already been triggered. We understand that mistakes happen. This process is to help reduce the scope for these to be dangerous. |
| 35 | + |
| 36 | +Make sure your habitual access is with a lesser privileged role such as the `developer` role. |
| 37 | + |
| 38 | +## I'm on call and there's no one around |
| 39 | + |
| 40 | +If it is not urgent, wait until people are around. Privileged account use can be risky, so it's best to have a second pair of eyes anyway. |
| 41 | + |
| 42 | +If you need access and it cannot wait, use Pagerduty to call the other on-call engineer. If they are not available, escalate to the GOV.UK Programme Escalations rota. |
| 43 | + |
| 44 | +If you cannot contact anyone useful and you still need to access the system urgently after attempting these actions, then do what you need to. The monitoring/alerting should ensure that someone arrives to help. |
| 45 | + |
| 46 | + |
| 47 | + |
| 48 | + |
| 49 | + |
| 50 | + |
| 51 | + |
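Review bot: the "I'm on call and there's no one around" section ends with "do what you need to" but never says to record the access afterwards, so the monitoring alert it relies on has no request to reconcile against; suggest adding that the engineer still submits the Action Notification form as soon as possible, mirroring the "Fill in the form as above" instruction in the "I made a mistake" section. Minor: step 2 (`gds aws govuk-<environment>-developer -d`) and step 4 (the linked spreadsheet) give two different sources for the account ID; state which one is canonical. Style: the file ends with six blank `+` lines; trim to one trailing newline.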