Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update TTS AWS root credential database to include MFA tokens for all accounts #1550

Open
3 tasks
adborden opened this issue Aug 25, 2021 · 1 comment
Open
3 tasks

Update TTS AWS root credential database to include MFA tokens for all accounts #1550

adborden opened this issue Aug 25, 2021 · 1 comment
Assignees
@JJediny @nateprice18f
Labels
g: accepted Issue has been fully groomed. i: infrastructure Relating to technology underneath/supporting custom software across TTS m: due date Has a hard or soft deadline t: days Should be complete-able in a matter of days or less (wall clock time)

Comments

@adborden
Copy link
Contributor

Background Information

In order to simplify management of MFA for AWS root users, Tech Portfolio wants the TOTP secret for virtual MFA devices stored encrypted in the TTS AWS root credential KeePassXC database.

In our AWS root user management guide, we have a note that some accounts are missing the TOTP secret and instead the MFA exists only on a few individuals devices. We should update the entries so that all accounts in the database include the TOTP secret.

Implementation Steps

  • For each account missing the TOTP secret key in the KeePassXC database, log into the AWS account, replace the MFA device, and enter the secret key into the database
  • Remove the note in the AWS root user management guide

Acceptance Criteria

  • GIVEN I am attempting to login as the root user for a TTS AWS account
    WHEN I provide an MFA code and password from the KeePassXC database
    THEN I can successfully log in.
@adborden adborden added the g: initial Issue template needs to be filled out, and/or initiative/timing labels need to be added. label Aug 25, 2021
@afeld afeld added i: infrastructure Relating to technology underneath/supporting custom software across TTS t: days Should be complete-able in a matter of days or less (wall clock time) labels Aug 30, 2021
@afeld afeld moved this from Icebox to Ready (Sprint Planned) in TTS Technology Portfolio (DEPRECATED/ARCHIVE) Sep 20, 2021
@afeld afeld changed the title Update TTS AWS root credential database to include MFA tokens for all accounts Update TTS AWS root credential database to include MFA tokens for all accounts - due 10/1 Sep 20, 2021
@afeld afeld added the m: due date Has a hard or soft deadline label Sep 20, 2021
@adborden adborden added g: accepted Issue has been fully groomed. and removed g: initial Issue template needs to be filled out, and/or initiative/timing labels need to be added. labels Sep 27, 2021
@afeld
Copy link
Contributor

afeld commented Sep 28, 2021

Took a pass and set up TOTP for the ones that I had in my authenticator. I don't have TOTP set up in my authenticator for any of the GovCloud ones. @JJediny Can you look at the remainder and see if there are any that you're unable to access and add?

@afeld afeld self-assigned this Sep 28, 2021
@JJediny JJediny moved this from Ready (Sprint Planned) to In Progress in TTS Technology Portfolio (DEPRECATED/ARCHIVE) Oct 7, 2021
@JJediny JJediny moved this from In Progress to Backlog (Sprint Staging) in TTS Technology Portfolio (DEPRECATED/ARCHIVE) Nov 22, 2021
@JJediny JJediny changed the title Update TTS AWS root credential database to include MFA tokens for all accounts - due 10/1 Update TTS AWS root credential database to include MFA tokens for all accounts Jul 8, 2022
@JJediny JJediny removed this from Backlog (Sprint Staging) in TTS Technology Portfolio (DEPRECATED/ARCHIVE) Jan 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@JJediny JJediny

@nateprice18f nateprice18f

Labels
g: accepted Issue has been fully groomed. i: infrastructure Relating to technology underneath/supporting custom software across TTS m: due date Has a hard or soft deadline t: days Should be complete-able in a matter of days or less (wall clock time)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@afeld @adborden @JJediny @nateprice18f