<aside>
💡 Reach out to #wg-aws-access if you have any questions.
</aside>
The Sourcegraph AWS Organization is jointly managed by the Infra and Tech Ops teams. This includes:
AWS Account | Description | Web console access | CLI/API/Terraform access |
---|---|---|---|
Team-dedicated dev accounts | Team accounts used for non-production purposes. Storing production/customer data is not allowed. | Log in via steps - no Entitle access required | Follow steps - no Entitle access required |
Team-dedicated production accounts | Team accounts used for production purposes. | Request Entitle permission AWS SSO - Escalation. When approved, follow steps | Request Entitle permission AWS SSO - Escalation. When approved, follow steps |
Cloud Ops production accounts | Cloud production accounts are customer-dedicated accounts for connectivity with customers' code hosts. | Request Entitle permission AWS SSO - Escalation. When approved, log in via steps | Request Entitle permission AWS SSO - Escalation. When approved, follow steps |
Management Account (Root) Read-only | Management account (read-only) is used to view OKTA integration, billing and organisation structure. | Request Entitle permission AWS SSO Viewer. When approved, log in via steps | Request Entitle permission AWS SSO Viewer. When approved, follow steps |
Management Account (Root) Admin | Management account is used to manage AWS Identity Center, integrated with OKTA. Terraform access is required to create/delete AWS accounts and assign access to newly created AWS accounts. | Request Entitle permission AWS SSO Admin. When approved, log in via steps | Request Entitle permission AWS SSO Admin. When approved, follow steps |
<aside> 💡 Before creating a new account, review existing accounts from here and, if there are overlapping use cases, consider "Request permanent access to existing development accounts" for one of them.
</aside>
<aside> 💡 This request can be self-served; please follow the instructions below.
</aside>
AWS accounts are owned by a team, which is responsible for requesting access and managing resources. To create a new AWS account:
#wg-aws-access channel and tag @cloud-support.
<aside>
💰 Note: Default billing alert is set to $500/mo. If you require a higher limit, contact #discuss-finance for approval and attach evidence in the PR.
</aside>
<aside> 🚨 SECURITY: Permanent access should only be added to development accounts, and it's not permitted in production accounts. Learn more from Access Policy above.
</aside>