1. Create a new Amazon Web Services account at https://aws.amazon.com. If you have an existing AWS account that is being actively used, we recommend you create a new one, since the security configuration that we'll apply to your account will include access controls and policies that can impact existing systems.
2. After creating the initial login, while in the AWS Management Console, go to Services and look for the "Identity and Access Management (IAM)" service.
3. On the left side of the screen, go to Users, and click the Add Users button. For "User name" set a value of healthcareblocks. This new user should only have the "Password - AWS Management Console access" option selected. The password should be auto-generated and "Require password reset" should be selected.
4. On the Permissions screen, choose the "Attach existing policies directly" tab and then associate the "AdministratorAccess" policy.
5. On the final screen, download the credentials file. Attach the file to the support ticket associated with the onboarding process.
6. The initial login you created for your AWS account is known as the "root" user, which has unrestricted permissions. However, AWS recommends that organizations have individual AWS logins for every team member who needs access to the AWS Management Console. We'll handle this step for you as well as creating several user roles in your AWS account:
- Auditors have "read only" permission and cannot change anything
- Developers can access most AWS services but cannot delete resources
- System Administrators have full access to your AWS account (similar to the root user)
For every person that needs access to the AWS Management Console, please provide their name, email, and desired user role in the onboarding support ticket.