What is an initial role?
An initial role is the first IAM role that users assume when they log into our AWS estate. It is represented by a permission set in the AWS Identity Center.
This initial role can't do anything except assume a more specific IAM role. It's a "stepping stone" into AWS.
Which initial role do you use?
The initial roles are handled by AWS Identity Center configuration for the Platform AWS account.
This is terraformed in the wellcomeorganisation-infra repository, in the Wellcome Trust GitHub organisation.

Everybody who can log into our AWS estate is a member of at least one of these groups.
Groups can be associated with permission sets, which apply IAM policies in a particular AWS account.

When you log in to AWS, your initial permission set is determined by the role you choose at the Identity Center login screen.

Examples
Suppose you're a member of the RG_WC_Digital_Platform_Lead group. A permission set assigned to this group is weco-developer. There is only one choice of role, so when you log in to AWS, you're logged in using the weco-developer role.

Suppose you're a member of the RG_WC_Digital_Platform_Lead and RG_WC_Digital_Artefactual groups. The initial roles assigned to these groups are weco-developer and weco-artefactual-developer. When you log in to AWS via Identity Center, you'll be offered a choice between these two roles.