Start using SSO credentials instead of superadmin for local work.

[davidkelliott]

User Story

The superadmin credentials (AWS access keys) should not be used everyday, we should switch to SSO credentials and delete all superadmin creds, creating them to use as one off only when absolutely necessary.

User Type(s)

MP engineer

Value

Increase the security of the platform

Questions / Assumptions / Hypothesis

Hypothesis

If we use SSO credentials for local development we won't need to have superadmin credentials anymore

Proposal

Work out how to use SSO credentials with our current Terraform, then once tested and documented remove superadmin credentials.

Definition of done

• [ ] superadmin credentials deleted
• [x] readme has been updated
• [x] user docs have been created/updated
• [x] another team member has reviewed
• [x] tests are green
• [ ] UR test OR added to continual research plan

Reference

How to write good user stories

[julialawrence]

Relevant PR: https://github.com/ministryofjustice/modernisation-platform/pull/2455

• Add MP Account AdministratorAccess role to relevant trust policies to allow local plans/applies

[julialawrence]

Related PR: https://github.com/ministryofjustice/aws-root-account/pull/612

• Enable AdministratorAccess role in Modernisation Platform account

[julialawrence]

More PRs:

https://github.com/ministryofjustice/modernisation-platform/pull/2509 -- merging providers for delegate-access https://github.com/ministryofjustice/modernisation-platform/pull/2508 -- doc updates https://github.com/ministryofjustice/modernisation-platform-ami-builds/pull/113 -- sprinkler and example fixups found while testing.