...
- Send an email to cloud-support@cornell.edu with the following information:
- The name of your new role. In this example, that's "shib-example".
- The 12-digit account number of your AWS account.
- The name of the Cornell unit associated with the account (e.g. CALS).
- The name of the existing AD Security Group that contains the list of Cornell netIDs you wish to be able to use this role in your account.
- Since this AD Security Group will live in your OU structure you will be able to modify the group membership as needed following your existing practices.
- Note: In order to maintain security for your AWS account, the person sending this email must be in the shib-admin group for the account.
- The Cloudification services team will create a new AD group with the name structured like CIT-<AWS account number>-role. In the above example, the cloud team would create an AD group named "CIT-095493758574-example". You will receive
- When the Cloud Team receives the request, the requester will be updated in the ticket and receive a notification when the AD group is created.
- Now your new custom role is ready to use. We suggest sending an email to the people who will be using it, and have them login to the AWS Web Console using this URL: http://signin.aws.cucloud.net/. If those people have access to only one role in one AWS account, they will automatically be sent to the AWS Web Console assuming that role. If a person has access to more than one "shib" role, they will be asked which role they want to assume after they login.
...