AWS account setup

What are our standard roles?

Within each account, we create a standard set of roles.

Each role name is made up of two parts: the name of the account, and the role suffix. For example, workflow-developer has the account name workflow and the role suffix developer.

This is a list of our standard roles:

| role suffix | example role | what it allows |
|---|---|---|
| admin | workflow-admin | Complete access to the account. This is a superuser role that can do anything. |
| developer | platform-developer | Complete access, bar a handful of destructive actions (e.g. deleting S3 buckets). This also doesn’t allow configuring IAM users. |
| read_only | digitisation-read_only | Provides read-only access to most of the account. This doesn't include access to secrets in Secrets Manager. |
| ci | identity-ci | Provides the permissions that CI needs to do things in this account (e.g. publishing Docker images to ECR). Usually used by CI instances only. |


Last updated 1 year ago