ministryofjustice / modernisation-platform

A place for the core work of the Modernisation Platform • This repository is defined and managed in Terraform
https://user-guide.modernisation-platform.service.justice.gov.uk
MIT License

Manage member account AWS SSM settings centrally #1302

Open davidkelliott opened 2 years ago

davidkelliott commented 2 years ago

User Story

There are several settings for SSM, such as KMS encryption and sending logs to CloudWatch, that we want to manage centrally. A user of the platform tried to amend these to improve the security and logging for SSM, but found they did not have the required permissions. This has highlighted this to us as something we a) need to improve, and b) want to manage centrally to ensure standards are followed and consistent across the platform.

Value

This ensures that security settings or logs for SSM cannot be disabled by application teams and settings are consistent across the platform.

Questions / Assumptions

Review the SSM settings and decide on platform-appropriate values to manage them centrally. Also then properly lock down the ability to change these for end users. (All of these are open for the MemberInfrastructureAccess role to amend; it was only a missing KMS key role for the developer connecting via SSM that prevented the changes.)

See example of what the user wanted to do here - https://github.com/ministryofjustice/modernisation-platform-environments/pull/212/files

Definition of done

Reference

How to write good user stories

github-actions[bot] commented 6 months ago

This issue is stale because it has been open 90 days with no activity.
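
An added example, not part of the original issue or the project's code: a check that a member account's SSM settings still match a central baseline for the two controls the issue names, KMS encryption and CloudWatch logging. It assumes the settings live in the Session Manager preferences document (default name `SSM-SessionManagerRunShell`); the baseline rules and the sample document are constructed for illustration.

```python
import json

# Constructed sample of a Session Manager preferences document.
# Values are placeholders, not taken from the issue or the platform.
SAMPLE_PREFERENCES = json.dumps({
    "schemaVersion": "1.0",
    "description": "Session Manager preferences",
    "sessionType": "Standard_Stream",
    "inputs": {
        "kmsKeyId": "",
        "cloudWatchLogGroupName": "example-ssm-session-logs",
        "cloudWatchEncryptionEnabled": False,
        "s3BucketName": "",
    },
})


def _nonempty(value):
    """True only for a string with visible content."""
    return isinstance(value, str) and value.strip() != ""


# Hypothetical platform baseline: input name -> (predicate, finding text).
BASELINE = {
    "kmsKeyId": (_nonempty, "session data is not encrypted with a KMS key"),
    "cloudWatchLogGroupName": (_nonempty, "session logs are not sent to CloudWatch"),
    "cloudWatchEncryptionEnabled": (lambda v: v is True,
                                    "CloudWatch log encryption is not enforced"),
}


def audit_preferences(document_json):
    """Return a sorted list of baseline violations for one preferences document."""
    try:
        doc = json.loads(document_json)
    except json.JSONDecodeError as exc:
        return [f"document is not valid JSON: {exc.msg}"]
    if not isinstance(doc, dict) or doc.get("sessionType") != "Standard_Stream":
        return ["not a Session Manager preferences document"]
    inputs = doc.get("inputs")
    if not isinstance(inputs, dict):
        inputs = {}  # a missing inputs block fails every baseline rule
    return sorted(f"{key}: {message}"
                  for key, (ok, message) in BASELINE.items()
                  if not ok(inputs.get(key)))


if __name__ == "__main__":
    for finding in audit_preferences(SAMPLE_PREFERENCES):
        print(finding)
```
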