Prerequisites

  1. Set up 1Password for storing credentials (To be completed by the Client).

  2. If not already available, create an external identity provider for SSO and store its credentials in 1Password. AWS-supported options include Azure AD, CyberArk, JumpCloud, Okta, OneLogin and Ping Identity. Once a preferred SSO provider is chosen, the SSO management account should be created by the client.
    Note: the default AWS SSO option can also be chosen as a starting point until the client is ready to subscribe to an external identity provider.

  3. Create the AWS root account and store the root credentials in 1Password. If possible, the account should be created using a group email address, e.g. aws-management@example.com.

The Google Group must be set up to allow anyone on the web to post to the group.

Google Groups settings: General > Who Can Post > Anyone on the web

Otherwise, the verification email from AWS will not go through. If your group settings do allow anyone to post, but you still do not see the AWS email, check under Conversations > Pending in Google Groups.

  4. Create the following group emails to be used for the other accounts in AWS (To be completed by the Client). To use the email address naming convention below, set ACCOUNT_EMAIL_PREFIX in your landing-zone configuration file to aws-:

    1. aws-management@example.com

    2. aws-identity@example.com

    3. aws-audit@example.com

    4. aws-backup@example.com

    5. aws-report@example.com

    6. aws-log-archive@example.com

    7. aws-network@example.com

    8. aws-operations@example.com

    9. aws-sandbox@example.com

    10. aws-production@example.com

    11. sso-management@example.com

  5. Create a GitHub organisation (To be completed by the Client).

  6. Create the necessary repositories on GitHub.

  7. Log in to AWS and enable MFA on the root account, then link the MFA to 1Password.
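A pre-flight check for the email convention and the root MFA step, added here as an example; it is not part of the original checklist or of any landing-zone tool. It assumes the prefix and domain are passed on the command line (the landing-zone configuration file format is not shown on this page), that the eleven mailboxes above are the expected set, and that the `aws` CLI is installed and authenticated for the live MFA check. The `AccountMFAEnabled` field is a real key in the `SummaryMap` returned by `aws iam get-account-summary`; the sample JSON below is constructed.

```python
"""Pre-flight checks for the landing-zone prerequisites (added example).

Derives the expected group addresses from ACCOUNT_EMAIL_PREFIX and checks
whether the root user has MFA enabled from `aws iam get-account-summary`.
"""
import json
import re
import subprocess

# Account names that take ACCOUNT_EMAIL_PREFIX, in the order listed in the checklist.
PREFIXED_ACCOUNTS = [
    "management", "identity", "audit", "backup", "report",
    "log-archive", "network", "operations", "sandbox", "production",
]
# The SSO management mailbox keeps its own name and does not take the prefix.
UNPREFIXED_MAILBOXES = ["sso-management"]

# Deliberately strict: lowercase local part and domain, no whitespace.
EMAIL_RE = re.compile(r"^[a-z0-9][a-z0-9.+-]*@[a-z0-9.-]+\.[a-z]{2,}$")


def expected_account_emails(prefix, domain):
    """Return the group addresses the checklist expects for prefix/domain."""
    if not prefix.endswith("-"):
        raise ValueError("ACCOUNT_EMAIL_PREFIX should end with '-' (e.g. 'aws-')")
    emails = [f"{prefix}{name}@{domain}" for name in PREFIXED_ACCOUNTS]
    emails += [f"{name}@{domain}" for name in UNPREFIXED_MAILBOXES]
    return emails


def missing_group_emails(prefix, domain, existing):
    """Return expected addresses not present in `existing` (case-insensitive)."""
    have = {e.strip().lower() for e in existing}
    return [e for e in expected_account_emails(prefix, domain) if e.lower() not in have]


def invalid_emails(emails):
    """Return addresses that do not satisfy the naming convention regex."""
    return [e for e in emails if not EMAIL_RE.match(e)]


def root_mfa_enabled(account_summary):
    """True when root MFA is on, from get-account-summary output (JSON text or dict).

    AccountMFAEnabled is 1 once an MFA device is enrolled for the root user.
    """
    if isinstance(account_summary, str):
        account_summary = json.loads(account_summary)
    summary = account_summary.get("SummaryMap", {})
    return int(summary.get("AccountMFAEnabled", 0)) == 1


def fetch_account_summary(profile=None):
    """Run the AWS CLI (assumed installed and authenticated) and return its JSON."""
    cmd = ["aws", "iam", "get-account-summary", "--output", "json"]
    if profile:
        cmd += ["--profile", profile]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


# Constructed samples of get-account-summary output before and after enrolling MFA.
SAMPLE_SUMMARY_NO_MFA = '{"SummaryMap": {"AccountMFAEnabled": 0, "Users": 0}}'
SAMPLE_SUMMARY_WITH_MFA = '{"SummaryMap": {"AccountMFAEnabled": 1, "Users": 0}}'


if __name__ == "__main__":
    import sys
    prefix = sys.argv[1] if len(sys.argv) > 1 else "aws-"
    domain = sys.argv[2] if len(sys.argv) > 2 else "example.com"
    for email in expected_account_emails(prefix, domain):
        print(email)
    try:
        print("root MFA enabled:", root_mfa_enabled(fetch_account_summary()))
    except (FileNotFoundError, subprocess.CalledProcessError) as exc:
        print("could not query the AWS CLI:", exc)
```

Run it as `python preflight.py aws- example.com` once the root account exists; the printed list is what the client should have created in Google Groups, and the MFA line should read `True` before the landing-zone deployment starts.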