Closed Bug 1633080 Opened 6 years ago Closed 6 years ago

Summary - Request to Enable Single Sign On on AWS Accounts- mozilla-devservices - 8200 and Account ID: 699292812394

Categories

(Developer Services :: General, task)

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: schu, Unassigned)

Hi,

We're reaching out to Mozillians who are responsible for AWS accounts in an effort to standardize the authentication methods used for all of Mozilla's AWS accounts.

By standardizing your account and enabling Mozilla Single Sign On (SSO), you'll be able to use your existing Mozilla SSO web browser session to access AWS (no more typing your AWS password or AWS MFA token needed) and avoid storing static AWS API keys on your laptop. We will improve our ability to deprovision users when an employee leaves, gain enhanced visibility and auditability if your AWS account is compromised, reduce risk of exposure of AWS API keys and avoid manual processes.

We've created a set of instructions for AWS account owner(s) to enable federated AWS login with Single Sign On in your AWS account. The instructions can be found here. We'd like this to be completed within 2 weeks (5/8/20).

After enabling Single Sign On in your AWS account, you'll be able to access your account via the AWS Web Console, the CLI or in code using these instructions.

Once your team has used AWS with Single Sign On for a few weeks, you'll be ready to remove the existing IAM users of the Mozillians that use your AWS account. We will likely follow up with you in this ticket about the removal of those IAM users when the time comes.

If, in the process of enabling Single Sign On in your AWS account, you encounter any problems or have any questions, feel free to ask them here in this bug.

If you'd like to learn more about this project, including more detail about the tech and more ways you can implement this single sign on system, you can find that on this page.

Flags: needinfo?(klibby)
Flags: needinfo?(jwatkins)
Blocks: 1626082

Hi Sarah,

The mozilla-devservices AWS account is part of the Firefox AWS accounts that are managed separately from SSO for security reasons. We may evaluate using SSO for non-operational IAM in the future, but all admin-level accounts are managed separately using our own tooling.

Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
Flags: needinfo?(klibby)
Flags: needinfo?(jwatkins)
See Also: → 1526032