First part of AWS admin access approval process#5272
Draft
Conversation
This will be followed in due course by the process for responders to pages.
AgaDufrat
reviewed
Oct 8, 2025
|
|
||
| If it is not urgent, wait until people are around. Privileged account use can be risky, so it's best to have a second pair of eyes anyway. | ||
|
|
||
| If you need access and it cannot wait, use Pagerduty to call the other on-call engineer. If they are not available, escalate to the GOV.UK Programme Escalations rota. |
Contributor
There was a problem hiding this comment.
I recognise this will be super rare but it would be good to clarify what we are calling them for (to approve the cyber thumb or to shadow/pair on the task). The GOV.UK Programme Escalations person may not be technical so perhaps it's to sense check your privileged access action and confirm you are permitted to do it.
AgaDufrat
reviewed
Oct 8, 2025
| @@ -0,0 +1,44 @@ | |||
| --- | |||
| owner_slack: "#govuk-platform-engineering" | |||
| title: Obtain approval before using the fulladmin role on AWS | |||
Contributor
There was a problem hiding this comment.
Side comment. I think we should email the GOV.UK Technology Members about this new process. Slack hasn't been always the best in communicating "breaking" changes.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This guidance will be followed in due course by the process for responding to cyber-security alerts.