Guest Access to AWS Fleet Manager (Remote Desktop only) #5786
User Story
I have a query involving granting temporary PPUD access to a guest user (MoJ partner). We need to allow them to have access to AWS Fleet Manager, but only the RDP component. We need to disable terminal session access. Further RDP access will then be controlled via domain security groups. Terminal session access via ssm-user is a backdoor that we'd like to close off, but this can only be done in AWS. Can a profile be created to provide this level of access? Are the permissions that granular?
The profile should only be allowed access to the Development environment. I know this is easily done. It should also only have read-only permissions for other aspects of AWS.
Value / Purpose
The guest user is performing some development work for the MoJ and needs access to the code base, which we are going to provide on a custom-built EC2 instance. We need to lock down access to only this EC2 instance and only via remote desktop.
Useful Contacts
Nick Buckingham
Additional Information
I've reviewed the guide on user access but don't see a particular profile that meets our requirements, meaning a custom one may be required. Is this possible?
https://user-guide.modernisation-platform.service.justice.gov.uk/user-guide/creating-environments.html#access
Proposal / Unknowns
No response
Definition of Done
Guest user has remote desktop access to a single EC2 instance. Read-only permissions on AWS, and terminal session access via Fleet Manager is disabled for the user.
Comments
Step 3 on page 953 might do what we need to lock down Session Manager access to a single EC2 instance. https://docs.aws.amazon.com/pdfs/systems-manager/latest/userguide/systems-manager-ug.pdf
Can we add to an existing role, or does it need to be a brand new role? Edd to discuss with Nick. To be done by a new member of the team, supported by Edd.
I'm easy, whatever works. As long as they can only access a single EC2 instance via Fleet Manager, then we're good. This will be in January now.
Let's create a new role with access to Fleet Manager only.
Role and policy created. Informed @SimonPPledger of it, and tested it. @sukeshreddyg has done all this work, and it works great! All we need when the time arises is the name of the third party (so we can create them collab access). Apart from that, ticket complete, awaiting Simon's sign-off.
Great news, so the role/policy only grants access to Fleet Manager and the terminal session option is disabled?
Role created for collaborators.
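For reference, below is a Terraform definition of the kind of role the issue asks for: Remote Desktop through Fleet Manager to exactly one EC2 instance, read-only everywhere else, and no terminal (Session Manager) session. This is an added illustration and is not the role or policy the team created, which the thread does not show. The account ID, region, instance ID, role and policy names, and the `collaborator_principal_arn` variable are placeholders; the action list follows the AWS sample policy for Fleet Manager Remote Desktop as recalled here and should be checked against the current AWS documentation before use.

```hcl
# Added example, not Modernisation Platform code. Placeholders/assumptions:
# account 111122223333, region eu-west-2, instance i-0123456789abcdef0,
# and the collaborator principal supplied via a variable.

variable "collaborator_principal_arn" {
  description = "Hypothetical: IAM principal (user or role) allowed to assume the guest role"
  type        = string
}

locals {
  account_id   = "111122223333"        # placeholder
  region       = "eu-west-2"           # placeholder
  instance_id  = "i-0123456789abcdef0" # placeholder: the single dev EC2 instance
  instance_arn = "arn:aws:ec2:${local.region}:${local.account_id}:instance/${local.instance_id}"
}

data "aws_iam_policy_document" "guest_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      identifiers = [var.collaborator_principal_arn]
    }
  }
}

data "aws_iam_policy_document" "fleet_manager_rdp_only" {
  # The console needs to list instances and their SSM status to offer the RDP button.
  statement {
    sid       = "DescribeForConsole"
    effect    = "Allow"
    actions   = ["ec2:DescribeInstances", "ssm:DescribeInstanceProperties", "ssm:DescribeInstanceInformation", "ssm:DescribeSessions", "ssm:GetConnectionStatus"]
    resources = ["*"]
  }

  # StartSession on the one instance only. SessionDocumentAccessCheck makes IAM also
  # evaluate the session document ARN, so the next statement is the document allow-list.
  statement {
    sid       = "StartSessionOnSingleInstance"
    effect    = "Allow"
    actions   = ["ssm:StartSession"]
    resources = [local.instance_arn]
    condition {
      test     = "BoolIfExists"
      variable = "ssm:SessionDocumentAccessCheck"
      values   = ["true"]
    }
  }

  # Fleet Manager Remote Desktop tunnels RDP over a port-forwarding session.
  # No shell document is allowed, so ssm-user terminal access is never granted.
  statement {
    sid       = "AllowPortForwardingDocumentOnly"
    effect    = "Allow"
    actions   = ["ssm:StartSession"]
    resources = ["arn:aws:ssm:*:*:document/AWS-StartPortForwardingSession"]
  }

  # Browser-based RDP client actions used by Fleet Manager.
  statement {
    sid       = "GuiConnect"
    effect    = "Allow"
    actions   = ["ssm-guiconnect:StartConnection", "ssm-guiconnect:GetConnection", "ssm-guiconnect:CancelConnection"]
    resources = ["*"]
  }

  # The guest may end their own sessions only.
  statement {
    sid       = "TerminateOwnSessions"
    effect    = "Allow"
    actions   = ["ssm:TerminateSession"]
    resources = ["*"]
    condition {
      test     = "StringLike"
      variable = "ssm:resourceTag/aws:ssmmessages:session-id"
      values   = ["$${aws:userid}"]
    }
  }

  # Explicit denies on the shell/SSH documents and Run Command, so a broader
  # allow attached later cannot quietly re-open terminal access.
  statement {
    sid       = "DenyTerminalDocuments"
    effect    = "Deny"
    actions   = ["ssm:StartSession"]
    resources = [
      "arn:aws:ssm:*:*:document/SSM-SessionManagerRunShell",
      "arn:aws:ssm:*:*:document/AWS-StartInteractiveCommand",
      "arn:aws:ssm:*:*:document/AWS-StartNonInteractiveCommand",
      "arn:aws:ssm:*:*:document/AWS-StartSSHSession",
    ]
  }
  statement {
    sid       = "DenyRunCommand"
    effect    = "Deny"
    actions   = ["ssm:SendCommand", "ssm:StartAutomationExecution"]
    resources = ["*"]
  }
}

resource "aws_iam_role" "guest_rdp" {
  name               = "guest-fleet-manager-rdp-only" # hypothetical name
  assume_role_policy = data.aws_iam_policy_document.guest_assume.json
}

resource "aws_iam_policy" "fleet_manager_rdp_only" {
  name   = "fleet-manager-rdp-single-instance" # hypothetical name
  policy = data.aws_iam_policy_document.fleet_manager_rdp_only.json
}

resource "aws_iam_role_policy_attachment" "rdp" {
  role       = aws_iam_role.guest_rdp.name
  policy_arn = aws_iam_policy.fleet_manager_rdp_only.arn
}

# Read-only on everything else, as the Definition of Done asks.
resource "aws_iam_role_policy_attachment" "read_only" {
  role       = aws_iam_role.guest_rdp.name
  policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
}
```

To check the "terminal session disabled" part of the Definition of Done, assume the role and try both the Fleet Manager terminal option in the console and `aws ssm start-session --target i-0123456789abcdef0` from the CLI; both should fail with an AccessDeniedException, while the Remote Desktop option for that one instance still works. Two caveats: the port-forwarding document is not limited to port 3389, so a CLI user of this role could tunnel to any other port the instance listens on (control that with the instance firewall and what is actually listening), and the deny on Run Command also disables the other Fleet Manager panes that run through it, which is the intended trade-off here.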