
Commit f40593d

[IT-4546] Setup access to AWS account (#1448)
Set up SSO user access to the AWS org-sagebase-bixarena account. Depends on #1447.
1 parent 7ac6bc2 commit f40593d

1 file changed

+44
-0
lines changed

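--- a/org-formation/700-aws-sso/_tasks.yaml
+++ b/org-formation/700-aws-sso/_tasks.yaml
@@ -342,6 +342,14 @@ Parameters:
 Type: String
 Default: '04182458-5011-7026-862d-509a06438571'
 
+BixArenaProdAdminGroup: # JC aws-bixarena-prod-admins
+Type: String
+Default: 'f4e8a418-10b1-70cc-a6b6-95aea41819d1'
+
+BixArenaProdDeveloperGroup: # JC aws-bixarena-prod-developers
+Type: String
+Default: '7478a468-8051-708a-24cc-0b07adfa1835'
+
 #------------- personal AWS accounts ------------------
 BuA2aDwAdminGroup: #JC aws-BuA2aDw-admins
 Type: String
@@ -2291,3 +2299,39 @@ SsoGenAiIcDevDeveloper:
 instanceArn: !Ref instanceArn
 principalId: !Ref GenAiIcDevDevelopersGroup
 permissionSetArn: !CopyValue [ !Sub '${resourcePrefix}-${appName}-developer-permission-set-arn' ]
+
+SsoBixArenaProdAdmin:
+Type: update-stacks
+DependsOn: SsoAdministrator
+Template: https://raw.githubusercontent.com/Sage-Bionetworks/aws-infra/v0.10.2/templates/SSO/aws-sso.njk
+TemplatingContext: {}
+StackName: !Sub '${resourcePrefix}-${appName}-bixarena-prod-admin'
+StackDescription: 'SSO: admin role used by BixArena prod admin group'
+DefaultOrganizationBindingRegion: !Ref primaryRegion
+DefaultOrganizationBinding:
+IncludeMasterAccount: true
+OrganizationBindings:
+TargetBinding:
+Account: !Ref BixArenaProdAccount
+Parameters:
+instanceArn: !Ref instanceArn
+principalId: !Ref BixArenaProdAdminGroup
+permissionSetArn: !CopyValue [ !Sub '${resourcePrefix}-${appName}-admin-permission-set-arn' ]
+
+SsoBixArenaProdDeveloper:
+Type: update-stacks
+DependsOn: SsoDeveloper
+Template: https://raw.githubusercontent.com/Sage-Bionetworks/aws-infra/v0.10.2/templates/SSO/aws-sso.njk
+TemplatingContext: {}
+StackName: !Sub '${resourcePrefix}-${appName}-bixarena-prod-developer'
+StackDescription: 'SSO: developer role used by BixArena prod developer group'
+DefaultOrganizationBindingRegion: !Ref primaryRegion
+DefaultOrganizationBinding:
+IncludeMasterAccount: true
+OrganizationBindings:
+TargetBinding:
+Account: !Ref BixArenaProdAccount
+Parameters:
+instanceArn: !Ref instanceArn
+principalId: !Ref BixArenaProdDeveloperGroup
+permissionSetArn: !CopyValue [ !Sub '${resourcePrefix}-${appName}-developer-permission-set-arn' ]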
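Review bot: Both new tasks (`SsoBixArenaProdAdmin` and `SsoBixArenaProdDeveloper`) load their template from `raw.githubusercontent.com/Sage-Bionetworks/aws-infra/v0.10.2/...`, and a git tag is a mutable ref, so the template that appears to create the permission-set assignments for the prod account can change without any change in this repository. Pinning the path to a full commit hash, e.g. `Template: https://raw.githubusercontent.com/Sage-Bionetworks/aws-infra/<commit-sha>/templates/SSO/aws-sso.njk`, keeps the deployed content tied to what was reviewed; if the other tasks in this file follow the same tag convention, this is probably better done file-wide than in this commit. Separately, the two `principalId` defaults in the first hunk can only be cross-checked against their `# JC aws-bixarena-prod-*` comments, so it is worth confirming both GUIDs against the identity store before merge, since a wrong value would bind the admin permission set on `BixArenaProdAccount` to a different group.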
