What is an initial role?
An initial role is the first IAM role that users assume when they log into our AWS estate.
This initial role can't do anything except assume a more specific IAM role. It's a "stepping stone" into AWS.
The initial roles are handled by User Groups in the Azure AD application for the Platform AWS account.
Everybody who can log into our AWS estate is a member of at least one of these groups. Each group has two roles assigned:
- The azure_sso-saml_provider role
- An initial role, for example digirati-dev or data-analyst
When you log in to AWS, your initial role is determined by the role assigned to each of the groups that you're in.
Suppose you're a member of the RG_WC_Digital_Data_Analyst group. The initial role assigned to this group is data-analyst.
There is only one choice of role, so when you log in to AWS, you're logged in using the data-analyst role.
Suppose you're a member of the RC_WC_Digital_Platform_Developer and RC_WC_Digital_Workflow_Developer groups. The initial roles assigned to these groups are platform-dev and workflow-dev.
When you log in to AWS, you'll be offered a choice between these two roles.
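The "stepping stone" property described at the top of this page (an initial role can do nothing except assume another role) can be checked mechanically against a role's permissions policy. The following is an added example, not code from this platform: the function name, the sample policies, the account ID and the target role name are all constructed for illustration. It also applies one rule the page does not state: every resource must be an IAM role ARN rather than a wildcard.

```python
def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]


def stepping_stone_violations(policy, require_role_arns=True):
    """Return a list of reasons the policy grants more than sts:AssumeRole."""
    problems = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements cannot grant anything
        if "NotAction" in stmt:
            problems.append(f"statement {idx}: NotAction allows every unlisted action")
        for action in _as_list(stmt.get("Action")):
            # Exact match only, so "*", "sts:*" and "sts:AssumeRole*" are all rejected.
            if action.lower() != "sts:assumerole":
                problems.append(f"statement {idx}: action {action!r} is not sts:AssumeRole")
        if require_role_arns:  # stricter than the page: an assumption of this example
            if "NotResource" in stmt:
                problems.append(f"statement {idx}: NotResource is not a list of roles")
            for res in _as_list(stmt.get("Resource")):
                if not (res.startswith("arn:aws:iam::") and ":role/" in res):
                    problems.append(f"statement {idx}: resource {res!r} is not a role ARN")
    return problems


# Constructed sample policies; account ID and role name are placeholders.
TARGET = "arn:aws:iam::111111111111:role/example-target-role"
GOOD_POLICY = {
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Action": "sts:AssumeRole", "Resource": TARGET},
}
BAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["sts:AssumeRole", "s3:GetObject"], "Resource": TARGET},
        {"Effect": "Allow", "Action": "sts:*", "Resource": "*"},
        {"Effect": "Deny", "Action": "iam:*", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    for name, policy in (("good", GOOD_POLICY), ("bad", BAD_POLICY)):
        issues = stepping_stone_violations(policy)
        print(name, "OK" if not issues else issues)
```

The check covers only the policy document passed to it, so run it over every inline and attached policy on each initial role.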