Skip to content

Commit fac9a51

Browse files
zaro0508zaro0508
authored
[IT-4658] Setup access to AWS bixarena dev account (#1484)
Setup SSO user access to AWS org-sagebase-bixarena-dev account. depends on #1483
1 parent dfd6a83 commit fac9a51

File tree

1 file changed

+44
-0
lines changed

1 file changed

+44
-0
lines changed

org-formation/700-aws-sso/_tasks.yaml

Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -342,6 +342,14 @@ Parameters:
342342
Type: String
343343
Default: '04182458-5011-7026-862d-509a06438571'
344344

345+
BixArenaDevAdminGroup: # JC aws-bixarena-dev-admins
346+
Type: String
347+
Default: '44184428-3041-708e-d3eb-13e1087d6a83'
348+
349+
BixArenaDevDeveloperGroup: # JC aws-bixarena-dev-developers
350+
Type: String
351+
Default: 'e4a80428-1011-70ac-cd92-8ef05c19ac4f'
352+
345353
BixArenaProdAdminGroup: # JC aws-bixarena-prod-admins
346354
Type: String
347355
Default: 'f4e8a418-10b1-70cc-a6b6-95aea41819d1'
@@ -2300,6 +2308,42 @@ SsoGenAiIcDevDeveloper:
23002308
principalId: !Ref GenAiIcDevDevelopersGroup
23012309
permissionSetArn: !CopyValue [ !Sub '${resourcePrefix}-${appName}-developer-permission-set-arn' ]
23022310

2311+
SsoBixArenaDevAdmin:
2312+
Type: update-stacks
2313+
DependsOn: SsoAdministrator
2314+
Template: https://raw.githubusercontent.com/Sage-Bionetworks/aws-infra/v0.10.2/templates/SSO/aws-sso.njk
2315+
TemplatingContext: {}
2316+
StackName: !Sub '${resourcePrefix}-${appName}-bixarena-dev-admin'
2317+
StackDescription: 'SSO: admin role used by BixArena dev admin group'
2318+
DefaultOrganizationBindingRegion: !Ref primaryRegion
2319+
DefaultOrganizationBinding:
2320+
IncludeMasterAccount: true
2321+
OrganizationBindings:
2322+
TargetBinding:
2323+
Account: !Ref BixArenaDevAccount
2324+
Parameters:
2325+
instanceArn: !Ref instanceArn
2326+
principalId: !Ref BixArenaDevAdminGroup
2327+
permissionSetArn: !CopyValue [ !Sub '${resourcePrefix}-${appName}-admin-permission-set-arn' ]
2328+
2329+
SsoBixArenaDevDeveloper:
2330+
Type: update-stacks
2331+
DependsOn: SsoDeveloper
2332+
Template: https://raw.githubusercontent.com/Sage-Bionetworks/aws-infra/v0.10.2/templates/SSO/aws-sso.njk
2333+
TemplatingContext: {}
2334+
StackName: !Sub '${resourcePrefix}-${appName}-bixarena-dev-developer'
2335+
StackDescription: 'SSO: developer role used by BixArena dev developer group'
2336+
DefaultOrganizationBindingRegion: !Ref primaryRegion
2337+
DefaultOrganizationBinding:
2338+
IncludeMasterAccount: true
2339+
OrganizationBindings:
2340+
TargetBinding:
2341+
Account: !Ref BixArenaDevAccount
2342+
Parameters:
2343+
instanceArn: !Ref instanceArn
2344+
principalId: !Ref BixArenaDevDeveloperGroup
2345+
permissionSetArn: !CopyValue [ !Sub '${resourcePrefix}-${appName}-developer-permission-set-arn' ]
2346+
23032347
SsoBixArenaProdAdmin:
23042348
Type: update-stacks
23052349
DependsOn: SsoAdministrator

0 commit comments

Comments
 (0)