This article describes the types of account access for customers and TD SYNNEX Public Sector to achieve their AWS goals. These policies will change over time, to match the capabilities of the platform as well as the needs of our customers.
These are the current default IAM entities:
- OrgAdmin - Used by customers for AWS Organizations administration.
- DLT-support - used by TD SYNNEX Public Sector Confirmed Stateside Support team to escalate service requests.
- DLT-PA-Role - Used by TD SYNNEX Public Sector Project Accounting team to facilitate monthly billing.
- DLT-Ops - Used by the TD SYNNEX Public Sector's Confirmed Stateside Support staff for providing technical support and inviting accounts to an AWS Organization.
- DLT-Audit - Utilized by TD SYNNEX Public Sector auditors and analysts.
- CloudCheckr - Provides access to TD SYNNEX Public Sector's billing and utilization tool.
- DLT-CloudOps - Administrative access provisioned in Managed accounts.
- DLT-CloudFinOps - Administrative access provisioned in Managed accounts.
OrgAdmin Policy (current version | previous version | upcoming version):
This IAM role allows customers to perform administration of their AWS Organization and related services at the Organization Account level. The OrgAdmin IAM account is provided for end-users who are designated during the onboarding process.
DLT-support (LEGACY) (click for policy document):
This IAM resource is used by TD SYNNEX Public Sector Confirmed Stateside Support team to escalate service requests.
DLT-support (policy list below):
This IAM role allows TD SYNNEX Public Sector Confirmed Stateside Support team to escalate service requests.
AWS managed policies:
DLT-PA Policy (current version | previous version | upcoming version):
This IAM role is used at the Management Account level to process monthly billing for customers. The AWS-PA IAM role is only used by the TD SYNNEX Public Sector Project Accounting team.
DLT-Ops Policy (current version | previous version | upcoming version):
This IAM role is used at the Management Account level to provide operational support during the life of the AWS contract. Activities include the collaboration of Confirmed Stateside Support troubleshooting, limit increases, and other related technical assistance. This IAM role is only used by TD SYNNEX Public Sector Confirmed Stateside Support staff.
DLT-Audit Policy (current version | previous version | upcoming version):
This IAM role is used at the Management Account level to ensure account compliance with AWS and TD SYNNEX Public Sector agreements. The AWS-Auditor account is only used by the TD SYNNEX Public Sector analysts and auditors.
CloudCheckr Policy (click for policy document):
This IAM role is used at the Management Account level to provide access to the TD SYNNEX Public Sector billing tool, CloudCheckr. This IAM role is only used by the CloudCheckr billing tool. To learn more about customer access to this tool, please visit this link.
DLT-CloudOps Policy:
Administrative access provisioned in Managed accounts using AWS's in line Administrator Policy. Used to leverage Governance as Code at Scale.
DLT-CloudFinOps Policy:
Administrative access provisioned in Managed accounts using AWS's in line Administrator Policy. Used to administer financial operations and configurations related to billing and services.
TD SYNNEX Public Sector User Access Flowchart:
Comments
0 comments
Please sign in to leave a comment.