
AWS Account Access Overview

This article describes the types of account access for customers and DLT to achieve their AWS goals. These policies will change over time, to match the capabilities of the platform as well as the needs of our customers.

These are the current default IAM entities:

  1. OrgAdmin - Used by customers for AWS Organizations administration.
  2. AWS-PA - Used by DLT Project Accounting team to facilitate monthly billing.
  3. DLT-Ops - Used by DLT's Confirmed Stateside Support staff for providing technical support and inviting accounts to an AWS Organization.
  4. DLT-Auditor - Utilized by DLT auditors and analysts.
  5. CloudCheckr - Provides access to DLT's billing and utilization tool. 
  6. DLT-CloudOps - Administrative access provisioned in DLT-Managed accounts.

OrgAdmin Policy (click for policy document):

This IAM role allows customers to perform administration of their AWS Organization and related services at the Organization Account level.  The OrgAdmin IAM account is provided for end-users who are designated during the onboarding process.

AWS-PA Policy (click for policy document):

This IAM role is used at the Master Account level to process monthly billing for customers. The AWS-PA IAM role is only used by the DLT Project Accounting team.

DLT-Ops Policy (click for policy document):

This IAM role is used at the Master Account level to provide operational support during the life of the AWS contract. Activities include collaboration on Confirmed Stateside Support troubleshooting, limit increases, and other related technical assistance. This IAM role is only used by DLT Confirmed Stateside Support staff.

DLT-Audit Policy (click for policy document):

This IAM role is used at the Master Account level to ensure account compliance with AWS and DLT agreements. The AWS-Auditor account is only used by the DLT analysts and auditors.

CloudCheckr Policy (click for policy document):

This IAM role is used at the Master Account level to provide access to the DLT billing tool, CloudCheckr. This IAM role is only used by the CloudCheckr billing tool. To learn more about customer access to this tool, please visit this link.

DLT-CloudOps policy:

Administrative access provisioned in DLT-Managed accounts using AWS's inline Administrator Policy. Used to leverage Governance as Code at Scale.

 
