AWS
Accounts
As of 3/12/2020 we now have access to 2 distinct AWS accounts:
- Science History IT, Account # 335460257737 which is where the Digital Collections, ArchiveSpace, and other projects our group manages live.
- CommunityHistoryProject Account # 225397940402 which is where the Community History S3 Buckets live for billing purposes.
Accessing different Accounts
If you are an admin in the main account, you can switch accounts to access the Community History Project account.
- Log into your normal AWS account
- In the upper right, look for your user name. Click on it.
- In the drop down that appears, select the "Switch Role" option
- Enter in the Account Number of the account you want to access, and then the Role
- Role is the IAM permission set that has access to the second account
- For CommunityHistoryProject it is chp-admin
- Role is the IAM permission set that has access to the second account
- You may set a name for this, otherwise it will inherit the IAM permission as the name
- Submit the change, you will now see the new role in a distinct color where your username used to be and the new account number, (chp-admin @NEW_ACCOUNT).
- You are now logged into the new account with admin permissions.
AWS - add new user
- IAM (identity & access management) > Users > Create New Users.
- Enter user name, uncheck 'generate an access key', create
- select newly-created username > 'permissions' tab > Attach policy (you can look at policies on other users if needed)
- 'security credentials' tab > 'assign an auto-generated password', check 'require user to create a new password at next sign-in'
- download the security credentials.
- (another option is to have the person stand right next to you and give themselves a temporary password)
- Stick the credentials somewhere safe!
- Get user to sign on and reset password.