department-of-veterans-affairs / va.gov-team

Public resources for building on and in support of VA.gov. Visit complete Knowledge Hub:
https://depo-platform-documentation.scrollhelp.site/index.html

AWS Access Control Process Definition and Refinement #56752

Open BillChapmanUSDS opened 1 year ago

BillChapmanUSDS commented 1 year ago

We need a clear process for vetting and assigning AWS access requests that is based on the role someone is playing in the organization. Ideally we will get AD integration, but this is not enough: too many engineers are requesting production access, and this indicates a training and tooling issue across the board.

### Tasks
- [ ] Answer the question: what are the valid reasons for accessing production systems?
- [ ] Answer the question: who should have that access, by role?
- [ ] Answer the question: do we need more vetting for individuals with production access roles?
- [ ] Define the appropriate roles
- [ ] Instead of focusing on temporary AWS access, consider focusing on the auditing of that access

Consider implementing this when we get to Rails 7, or doing something similar in Rails 6. We can add a simple monkeypatch to the console initialization in the meantime.

kell-y commented 4 months ago

Related to epic https://app.zenhub.com/workspaces/platform-security-615c86f78b52bf0014e79606/issues/gh/department-of-veterans-affairs/va.gov-team-sensitive/1410