DDLS-425 restrict management ci to limited access #1772

jamesrwarren · 2024-12-16T12:17:21Z

Purpose

restrict management ci to limited access to digideps resources on management account

In event of security breach, this will stop any attacker being able to affect the DNS/secrets etc of other products that use the management account.

I have created a new policy in org infra and this PR uses that policy.

Once we're sure this works we need to remove the original management CI user completely and just use this one.

NA

I have performed a self-review of my own code
I have updated documentation (Confluence/ADR/tech debt doc) where relevant
I have added tests to prove my work
The product team have approved these changes
I have checked my work for potential security issues and refered to the OWASP top 10

I have run an in-browser accessibility test (e.g. WAVE, Lighthouse)
There are no deprecated CSS classes noted in the profiler
Translations are used and the profiler doesn't identify any missing
Any links or buttons added are screen reader friendly and contextually complete
If adding GA events, I have updated or checked the existing category or label values

jamesrwarren added 2 commits December 16, 2024 12:16

DDLS-425 try out the new management

923b011

DDLS-425 add restricted management CI role to digideps

dd46519

jamesrwarren changed the title ~~DDLS-425 try out the new management~~ DDLS-425 restrict management ci to limited access Dec 18, 2024

Merge branch 'main' of github.com:ministryofjustice/opg-digideps into D…

c3230af

…DLS-425b

jamesrwarren force-pushed the DDLS-425b branch from ccc9f45 to c3230af Compare December 18, 2024 16:01

jamesrwarren marked this pull request as ready for review December 18, 2024 16:04

jamesrwarren requested a review from a team as a code owner December 18, 2024 16:04

Raffers approved these changes Dec 19, 2024

View reviewed changes

jamesrwarren merged commit c201538 into main Dec 19, 2024
37 checks passed

jamesrwarren deleted the DDLS-425b branch December 19, 2024 09:43