Steps

Set up the environment

Determine the access policy

<aside> ⚠️

Visit the sourcegraph.okta.com dashboard to confirm you have the AWS SSO tile. If you do not, ask #ask-it-tech-ops to assign the tile to your division first. Otherwise, you will not be able to access your account after it is created.

</aside>

Follow the Access Policy to decide which teams should have access to the account.

Update the file to add the new account

Insert the new account into cloud/aws/variables.tf

For production accounts, you should leave team_access empty.

        "accounts" : {
          "nickname" : {
            name        = "<ACCOUNT_NAME>"
            email       = "<ACCOUNT_EMAIL>"
            team_access = []
          }
        }

For development accounts, you should add your teams to the team_access field. Look up your team in the Division field of your Slack/BambooHR/Okta profile.

        "accounts" : {
          "nickname" : {
            name        = "<ACCOUNT_NAME>"
            email       = "<ACCOUNT_EMAIL>"
            # <TEAM_NAME> is a placeholder for your Division value
            team_access = ["<TEAM_NAME>"]
          }
        }

Open a PR

Ensure the Terraform Cloud status check for the aws-organization workspace passes on the pull request, and review the plan to confirm there are no unexpected changes, e.g., accidental deletion of an account.

Tag the Cloud Ops team for review. For urgent requests, please start a thread in #wg-aws-access and tag @cloud-support.
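
The plan review described above can be backed by a small script. This is an added example, not part of the original runbook or the repository. It assumes the plan is available as JSON in the format `terraform show -json` emits and that member accounts are managed as `aws_organizations_account` resources; the resource addresses in the sample are constructed.

```python
import json
import sys

ACCOUNT_TYPE = "aws_organizations_account"  # assumed resource type for member accounts

# Constructed sample in the `terraform show -json` plan format, trimmed to the
# fields used below. Addresses are hypothetical.
SAMPLE_PLAN = {
    "resource_changes": [
        {"address": 'aws_organizations_account.this["new-dev"]',
         "type": ACCOUNT_TYPE, "change": {"actions": ["create"]}},
        {"address": 'aws_organizations_account.this["old-prod"]',
         "type": ACCOUNT_TYPE, "change": {"actions": ["delete", "create"]}},
        {"address": 'aws_ssoadmin_account_assignment.team["new-dev"]',
         "type": "aws_ssoadmin_account_assignment", "change": {"actions": ["update"]}},
        {"address": 'aws_organizations_account.this["existing"]',
         "type": ACCOUNT_TYPE, "change": {"actions": ["no-op"]}},
    ]
}


def review_plan(plan):
    """Sort planned changes into expected creates, other changes, and account deletions."""
    result = {"creates": [], "unexpected": [], "account_deletes": []}
    for rc in plan.get("resource_changes", []):
        actions = rc.get("change", {}).get("actions", [])
        if not actions or actions in (["no-op"], ["read"]):
            continue  # nothing will be modified
        if actions == ["create"]:
            result["creates"].append(rc["address"])
            continue
        # Anything else (update, delete, replace) is not expected when only adding an account.
        result["unexpected"].append((rc["address"], "+".join(actions)))
        if "delete" in actions and rc.get("type") == ACCOUNT_TYPE:
            result["account_deletes"].append(rc["address"])
    return result


if __name__ == "__main__":
    # Usage: python review_plan.py plan.json   (no argument: run on the sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            plan = json.load(fh)
    else:
        plan = SAMPLE_PLAN
    report = review_plan(plan)
    for key, items in report.items():
        print(f"{key}: {items}")
    sys.exit(1 if report["account_deletes"] else 0)
```

A replacement appears in the plan as `["delete", "create"]`, so it is reported as an account deletion as well as an unexpected change.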

[Cloud Ops] Confirm the run on Terraform Cloud

Once the PR is merged, confirm the run at https://app.terraform.io/app/sourcegraph/workspaces/aws-organization

Access your AWS account