The Department Cloud Tools are designed to simplify the association of UT staff with IAM roles in AWS. The tools consist of a web portal and a series of dedicated groups and organizational units created in the Austin Active Directory.
The following roles are defined in the Department Cloud Tools:
Role | Functions | Members |
---|---|---|
Cloud Tools Owners | Create a "cloud account" associated with a department OU | ITS Staff |
OU Owners | Assign EIDs as "cloud account admins" for a cloud account | Existing owners for Active Directory departments |
Cloud Account Admins | Create and populate role groups | EIDs assigned by OU Owners to a cloud account |
The process for associating a user account with an IAM role is as follows:
- A department owner requests a new cloud account for an AWS account number from the ITS Cloud Team via ServiceNow
- A member of the ITS Cloud Team creates a cloud account for the department with the provided AWS account number
- A department owner assigns EIDs as cloud account admins for the new cloud account
- A cloud account admin creates role groups for AWS IAM roles
- A cloud account admin populates the role groups with EIDs, native Active Directory department accounts, or Active Directory groups