Background
In an effort to secure TVLK-Dev IAM and bring it into compliance, the Security Operations Team is taking steps to clean up IAM user access in the legacy TVLK-Dev environment. We recommend using Google SSO to access the AWS accounts via SAML login.
What do you need to do?
We have noticed that 401 users still have individual user account access to the TVLK-Dev account. The Security Operations Team has taken the initiative to enable SSO access for all users found in tvlk-dev at this point (note: some users already had SSO and seem to be using SAML login already).
We request that all users start using SAML login to AWS (if not already doing so) and assume the respective roles as needed in the tvlk-dev account.
Refer to the link below:
https://29022131.atlassian.net/wiki/spaces/AWS/pages/1110737095/How+to+assume+role+in+AWS+Console+using+Google+SSO
Also, please move any dependencies on IAM user access to role-based access in the TVLK-Dev account.
Going forward, we are going to remove all IAM users from the account.
Below is the list of users who have individual access to the legacy AWS TVLK-Dev account.
https://docs.google.com/spreadsheets/d/1oKc-bHDDfxUQVbCMZOvGw2B0mou5OqHWW_N57LQOjnM/edit?usp=sharing
What are the Plan and Timelines?
Please make sure to clear all dependencies on your side, as needed, on or before 15th July 2020. Let us know if we need to create an exception for you based on your dependency, or if you need more time.
After that date, we will reassess progress and move to enforce this and delete IAM users in the legacy TVLK-Dev environment, to make sure everyone follows Traveloka best practices.
Feel free to reach out to us in case of any dependencies or any other questions and/or concerns.