GSA Auth - AWS Jump Account

[JJediny]

Tech Operations created a secureauth jump implementation for Data.gov to login with MFA into their AWS Accounts. Users are on/offboarded through Pull Requests to aws-admin.

https://github.com/GSA-TTS/aws-admin?tab=readme-ov-file#usage

Review needed to determine if new AWS Id Center is a replacement for our custom implementation

• Alternative Review
  • IAM Identity Center
  • AWS Admin Jump Setup

Tasks

Beta Give feedback

1. Submit Intake Form https://docs.google.com/forms/d/e/1FAIpQLSeyPMkNiJh70lPl2xsbg1UUeg5D-QG22YpoSVJlQQnpHeCeMw/viewform
2. Swap SecureAuth to Okta SAML Certificate
3. Pre-communications to Users
4. Date selected to swap out IDP
5. Setup swap verification meetiing with Data.gov

[JJediny]

Kickoff Meeting scheduled 9/9/24 need to submit intake

[JJediny]

9/11

Determined we will swap IDP providers for secureauth for GSA Auth in tts-jump we will need to notify the Data.gov team about the switch

and separately follow up with GSA Auth team to setup IDP for Payer IAM Identity Center to manage sandbox access and natively support cloudtrail events and cloudwatch for non-SAML based authentication. Ideally we would roll out to all programs (optional) for AWS access.

[JJediny]

Confirmed with tyler.burton@gsa.gov that the Data.gov team is aware of the pending swap and we will align with their team timing and testing