ministryofjustice / operations-engineering

This repository is home to Operations Engineering's tools and utilities for managing, monitoring, and optimising software development processes at the Ministry of Justice. • This repository is defined and managed in Terraform
https://user-guide.operations-engineering.service.justice.gov.uk/
MIT License

Add NEC user of YJAF to AWS SSO #4337

Open AntonyBishop opened 3 months ago

AntonyBishop commented 3 months ago

User Need

As a Hosting Team I want to replace the existing process used to manage access to YJAF-associated AWS accounts with AWS SSO so that we have a consistent approach for how users access AWS.

Value

Risk/Constraint

Requirements:

  1. Document existing YJAF account setup and permissions.
  2. Identify any issues that might block using SSO.
  3. Write comms regarding changes for NEC so that they understand the changes.
  4. Create GitHub Teams for NEC users.
  5. Convert NEC users from collaborators to org members.
  6. Remove NEC collaborators from github-collaborators.

Acceptance Criteria:

  1. We have a defined strategy for moving NEC users to SSO
  2. SSO code updated
  3. GitHub changes made to facilitate SSO process
  4. NEC users now accessing AWS via SSO

Notes:

davidkelliott commented 3 months ago

We can create the SSO permission sets etc. first, get the relevant people in the GitHub org and teams to test access before removing IAM users. We'll need to consider the config setup, which is also covered here, if we want to decommission this repo though.

AntonyBishop commented 3 months ago

Slack thread - https://mojdt.slack.com/archives/C06P4KA0V0A/p1711456600109709