...
The following roles are defined in the Department Cloud Tools:
| Role | Functions | Members |
|---|---|---|
| Cloud Tools Owners | Create a "cloud account" associated with a department OU | ITS Staff |
| OU Owners | Assign EIDs as "cloud account admins" for a cloud account | Existing owners for Active Directory departments |
| Cloud Account Admins | Create and populate role groups | EIDs assigned by OU Owners to a cloud account |
The process for associating a user account with an IAM role is as follows:
- An existing A department owner requests a new cloud account by providing for an AWS account number to ITSITS staff create a from the ITS Cloud Team via Service Now
- A member of the ITS Cloud Team creates a cloud account for the department with the provided AWS account number
- Department A department owners assign assigns EIDs as as cloud account admins for the new cloud account
- A cloud account admin creates role groups for AWS IAM roles
- A cloud account admin populates the role groups with EIDs, native Active Directory department accounts, or Active Directory groups
...