User interface to manage AWS Accounts (e.g. for new services or environments) and users within the base AWS account.
This is a rails app, with dependencies managed by bundler. To run the app locally clone this repo, then:
bundle install
npm install
bundle exec rails serverIf you want to test the apps interaction with third party services (e.g. GitHub
and GOV.UK Notify) you'll need to set up some secrets in environment variables.
The easiest way to do this in development is using a .env file (see .env.example):
cp .env.example .env
$EDITOR .envRun the tests with:
bundle exec rails testTo sign in as a development user, visit http://localhost:3000/dev-login (to try different email addresses, you can provide a email parameter). If you want to test with real Google SSO, you can create an application in the Google Cloud Console.
Note - when building the docker image on a mac arm but wanting to run the image on x86 architecture then run the docker build with this flag: --platform="linux/amd64"
If running in production a master key is required to decrypt credentials.yml.enc. This has been created and is passed into the container/environment at runtime.
RAILS_ALLOWED_DOMAINS: the domain of the app runtime env (eg loalhost:3000 or sub.domain.tld)RAILS_SERVE_STATIC_FILEStrue|false(default)RAILS_LOG_TO_STDOUTtrue : will log out errors etc since production defaults to logfileRESTRICT_LOGIN_EMAIL_ADDRESSES_TO:example.one@digital.cabinet-office.gov.uk example.two@digital.cabinet-office.gov.uk- should be a space separated list of email addresses if set it will only allow those email address to log in
GOOGLE_CLIENT_ID: an OAuth2 client IDGOOGLE_CLIENT_SECRET: an OAuth2 client secretGITHUB_PERSONAL_ACCESS_TOKEN: the PAT required to act on requied alphagov reposNOTIFY_API_KEY: a key to use the notify api to send emailsRAILS_MASTER_KEY: the key that has been used to encodeconfig/credentials.yml.enc