AWS account setup
  • AWS account setup
  • How to
    • How to log in to the AWS console
    • How to get credentials for working locally, e.g. the AWS CLI
    • How to select a role in the AWS CLI
    • How to get credentials for staff who aren't developers
  • Users, IAM roles, accounts, and so on
    • Introduction
    • What are our AWS accounts?
    • What is an initial role?
    • What are our standard roles?
  • Networking
    • Our VPC setup
Powered by GitBook
On this page
  1. How to

How to get credentials for staff who aren't developers

PreviousHow to select a role in the AWS CLINextIntroduction

Last updated 1 year ago

There are some staff who work in our AWS estate, but who aren't developers and who can't use the aws-azure-login CLI tool.

For example, Collections staff who need to access born-digital archives in our S3 buckets.

For these staff, we create per-person IAM users and give them the IAM access keys. These users have tightly scoped permissions to do exactly the task in question, and nothing more.

These per-person IAM users are managed in Terraform in our (private) .

iam-users repository