AWS Accounts
We follow the AWS Well-Architected best practices and have an account per environment, as well as security accounts and all the other accounts, which are managed by Control Tower in Terraform. You can see these accounts on the login screen, or as a user in the management account in the management console.
To access the AWS accounts via the CLI or SDKs you need to add the accounts to your AWS configuration file.
Edit the ~/.aws/config file and populate it with the below information:
Note: If you are a frontend engineer, change the value of sso_role_name from backend-engineer to frontend-engineer. These roles are defined in the iam component of the platform-terraform repo.
[profile default]
sso_session = ar
[profile dev]
sso_session = ar
sso_account_id = 390403873603
sso_role_name = backend-engineer
region = eu-west-2
[profile staging]
sso_session = ar
sso_account_id = 609902089584
sso_role_name = backend-engineer
region = eu-west-2
[profile demo]
sso_session = ar
sso_account_id = 471112924164
sso_role_name = backend-engineer
region = eu-west-2
[profile production]
sso_session = ar
sso_account_id = 708024954786
sso_role_name = backend-engineer
region = eu-west-2
[profile tools]
sso_session = ar
sso_account_id = 886436950048
# or frontend-engineer depending on your role
sso_role_name = backend-engineer
region = eu-west-2
[profile tools-admin]
sso_session = ar
sso_account_id = 886436950048
sso_role_name = AWSAdministratorAccess
region = eu-west-2
[sso-session ar]
sso_start_url = https://assetreality.awsapps.com/start/#
sso_region = us-east-1
sso_registration_scopes = sso:account:access
Now log in via SSO:
aws sso login
Now run this command to test access:
aws sts get-caller-identity --profile dev
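A pre-login check for the ~/.aws/config layout above, as an added example (not part of the original page or the platform-terraform repo): it flags profiles whose sso_session has no matching [sso-session] section, whose sso_account_id is not 12 digits, or whose sso_role_name contains whitespace. It assumes a trailing `# ...` on a value line is read as part of the value, which is how Python's configparser behaves by default; the sample config, its account IDs and the helper name lint_sso_config are constructed for illustration.

```python
import configparser
import re

# Constructed sample in the same shape as the config above (placeholder IDs and URL).
SAMPLE = """\
[profile dev]
sso_session = ar
sso_account_id = 111111111111
sso_role_name = backend-engineer
[profile tools]
sso_session = ar
sso_account_id = 222222222222
sso_role_name = backend-engineer # or frontend-engineer
[profile broken]
sso_session = typo
sso_account_id = 12345
sso_role_name = backend-engineer
[sso-session ar]
sso_start_url = https://example.awsapps.com/start
sso_region = us-east-1
"""

def lint_sso_config(text):
    """Return a sorted list of (profile, problem) tuples for SSO profiles."""
    # Default configparser settings keep a trailing '# ...' as part of the value.
    cp = configparser.RawConfigParser()
    cp.read_string(text)
    sessions = {s.split(None, 1)[1] for s in cp.sections() if s.startswith("sso-session ")}
    problems = []
    for section in cp.sections():
        if not section.startswith("profile "):
            continue
        name = section.split(None, 1)[1]
        opts = dict(cp.items(section))
        session = opts.get("sso_session")
        if session is not None and session not in sessions:
            problems.append((name, f"sso_session '{session}' has no [sso-session] section"))
        account = opts.get("sso_account_id")
        if account is not None and not re.fullmatch(r"\d{12}", account):
            problems.append((name, "sso_account_id is not a 12-digit account ID"))
        role = opts.get("sso_role_name")
        if role is not None and re.search(r"\s", role):
            problems.append((name, "sso_role_name contains whitespace (inline comment?)"))
    return sorted(problems)

if __name__ == "__main__":
    for profile, problem in lint_sso_config(SAMPLE):
        print(f"{profile}: {problem}")
```

To check a real file, pass its contents instead of SAMPLE, for example `lint_sso_config(open(os.path.expanduser("~/.aws/config")).read())` after importing os.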