Request to create accounts for iflorez, data scientist supporting the Future Audiences team on ChatGPT plugin analysis.
Need:
[x] AWS account
[x] AWS access to: CloudWatchLogsReadOnlyAccess, StartQuery, GetQueryResults, and iam:CreateAccessKey
[x] Gitlab Enterprise account.
[x] Debug account
Name: Irene Florez
email: iflorez@wikimedia.org
Nat Hillard, Maryana Pinchuk, and Mikhail Popov can be contacted in support of the request, as needed.
Backend steps on my end:
[x] request access and appropriate permissions
[x] create GPG key
[x] share public GPG key with Alex Lep or appropriate person or this ticket
[x] check email and when access is granted set up MFA for Gitlab Enterprise via Okta
[x] check email and when AWS access is granted decrypt temporary encrypted password
[x] sign into AWS when an account is created and reset password
[x] set up MFA for AWS via Okta; see also the AWS [[ https://us-east-1.console.aws.amazon.com/iamv2/home?region=us-east-1#/security_credentials?section=IAM_credentials | IAM page ]]
[x] ensure permission levels are granted by testing a manual code pull on the [[ https://us-east-1.console.aws.amazon.com/cloudwatch/home?region=us-east-1#logsV2:logs-insights$3FqueryDetail$3D~(end~0~start~-3600~timeType~'RELATIVE~unit~'seconds~editorString~'fields*20*40timestamp*2c*20*40message*2c*20*40logStream*2c*20*40log*0a*7c*20sort*20*40timestamp*20desc*0a*7c*20limit*2020~queryId~'fa9337ce8fdacf8c-70c3c3c-4ff4233-51dc5be4-fd27644a821c12b0a1e45ca~source~(~)) | AWS log insights page ]]
[x] Get AWS credentials: [[ https://docs.aws.amazon.com/cli/latest/userguide/cli-authentication-short-term.html | Authenticate with short term credentials ]] and download them, noting "Application running outside AWS"
[x] Obtain the aws CLI utility https://github.com/aws/aws-cli
[] Run 'aws configure' and pass in credential values, along with the value of the region of your aws instance.
~~[] setup SSH appropriately for Gitlab Enterprise~~
* Future: create an administrative user in AWS IAM Identity Center (successor to AWS Single Sign-On) for daily administrative tasks.