Adding a new team member to the Modernisation Platform

There are a few things to do when a new team member joins:

1. Add them to the team page

2. Add them to our GitHub team

   If they need access to our AWS landing zone:

3. (Optional) Add them as a superadmin to our AWS landing zone

Adding them to the team page

To add them to our team page, update the file at source/team/team.html.md.erb with:

• their name and job title
• an updated count of team members

Submit a pull request and when it’s merged, they will appear on our team page.

You can view a sample PR in case you get stuck.

Adding them to our GitHub team

To add them to our GitHub team, update the file at terraform/github/locals.tf with:

• their GitHub username either in:
  • the general_members list, if they don’t need access to AWS
  • the engineers list, if they do need access to AWS via AWS SSO

If they are a GitHub organisation owner, add them to the maintainers list too. This is because GitHub will return their role as a maintainer, because GitHub organisation owners always have those permissions.

You can view a sample PR in case you get stuck.

Adding them as a superadmin in our AWS landing zone

To add them as a superadmin in our AWS landing zone, add their firstname.lastname in the modernisation-platform-terraform-iam-superadmins main.tf file. You can optionally add a Keybase username to obtain the initial password as a PGP encrypted output.

You can view a sample PR in case you get stuck.

Once your PR has been merged, create a new GitHub release for the IAM superadmins module sample release.

In your local Modernisation Platform repository clone:

• Update the module reference sample PR
• cd into modernisation-platform/terraform/modernisation-platform-account
• Run terraform plan with your superuser credentials to check the new user will be successfully added
• Complete a pull request to allow the CI workflow to conduct terraform apply and add the new IAM user.

Once their IAM user has been created, log into the AWS console yourself and:

• switch into the superadmin role in the Modernisation Platform account
• go to their IAM user in IAM Users
• go to the Security Credentials tab
• call the user and assign an MFA device with them
• configure console access with an autogenerated password and require a password reset on their next login

This page was last reviewed on 16 November 2023. It needs to be reviewed again on 16 May 2024 by the page owner #modernisation-platform .

This page was set to be reviewed before 16 May 2024 by the page owner #modernisation-platform. This might mean the content is out of date.