examples/snippets/.claude/skills/atmos-auth
1 file changed, +6 -2 lines changed
@@ -63,7 +63,9 @@ Profiles are defined in `profiles/<profile-name>/atmos.yaml`. Each maps identiti
6363| ------------ | -------------------- | -------------------- | --------------------- |
6464| `devops` | TerraformApplyAccess | TerraformApplyAccess | TerraformApplyAccess |
6565| `developers` | TerraformStateAccess | TerraformApplyAccess | TerraformPlanAccess |
66- | `managers` | TerraformStateAccess | TerraformPlanAccess | TerraformPlanAccess |
66+ | `managers` | TerraformApplyAccess | TerraformApplyAccess | TerraformApplyAccess |
67+
68+ Managers also have a `RootAccess` Permission Set for centralized root access to member accounts.
6769
6870**Permission Set capabilities:**
6971
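Review bot: The new `managers` row grants TerraformApplyAccess in all three columns, which makes it identical to the `devops` row and widens it from the previous TerraformStateAccess / TerraformPlanAccess / TerraformPlanAccess. Neither the table nor the added sentence says why. Please state the reason for the change in the doc or the commit message, so that readers do not take apply-everywhere as the default for a management group. The added `RootAccess` sentence also needs more detail: say which profile or identity name exposes that Permission Set and under what conditions it is meant to be used. If the "Permission Set capabilities" list that follows has no `RootAccess` entry, add one, so the most privileged set is described alongside the others.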
@@ -83,7 +85,9 @@ Examples:
8385
8486# # Special Cases
8587
86- **superadmin profile**: IAM user with MFA for breakglass access. Avoid unless SSO is unavailable.
88+ **superadmin profile**: IAM user (`kind: aws/user`) with MFA in the root account. Used for coldstart/bootstrap
89+ before SSO is deployed, or as breakglass access. Assumes `OrganizationAccountAccessRole` into member accounts
90+ via identity chaining. Switch to your assigned SSO profile once the identity layer is deployed.
8791
8892**github-plan profile**: OIDC-based authentication for CI/CD plan operations. Uses planner roles with read-only access.
8993
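Review bot: The rewritten **superadmin profile** paragraph drops the old "Avoid unless SSO is unavailable" guidance, and the replacement "Switch to your assigned SSO profile once the identity layer is deployed" only covers the bootstrap case. Breakglass use after bootstrap is still mentioned but no longer has a stated condition. Please keep an explicit rule for it, for example that the profile is used only when SSO is unavailable. Since this is an IAM user in the root account that chains into member accounts through `OrganizationAccountAccessRole`, the paragraph should also say what happens to that user's credentials once SSO is live (rotated, disabled or stored offline), so that the bootstrap identity does not remain a standing path into every account.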