Site-Infra is deprecating the use of tvlk-dev users for assuming roles in tvlk-prod. This includes assuming ProductDomainAdmin roles. Continuing onwards, all assume-role operations will use SAML from tvlk-user account.
The reason is Site Infra have (confirmed) suspicions that tvlk-dev security practices are lacking and want to discourage use of IAM users in general.
Site-Infra has activated SAML for all PDAs listed on this document:
https://docs.google.com/spreadsheets/d/1nteD73s9nqL9ntwBiJGrJlK4GnEyI2lJHx-U1eAOA3E/edit?usp=sharing
To verify that your SAML is working, please access this link https://accounts.google.com/o/saml2/initsso?idpid=C02ynfcr7&spid=717883224150&forceauthn=false and make sure that you can already login to AWS dashboard.
For the next step, we will change the trust policy from using tvlk-dev users to SAML users, which means that afterwards you can no longer use tvlk-dev user to assume PDA role.
I will inform you in this channel when we plan to execute this change (potentially next week before freeze). If you have any concerns, please add your comments.
Thanks!