Cloud project access
We manage many projects across multiple cloud providers. This document defines our access policy, and is the canonical location for the projects we have access to.
Every 2i2c engineer should have equal access to every cloud project we maintain. This prevents particular individuals from becoming single points of failure.
In some cases, this requires paperwork for each engineer to get access. We should try to find ways around this, but if we can't, just do the paperwork.
Google Cloud Access
On Google Cloud, we have a 2i2c organization that contains some projects we are fully responsible for. Access to all projects in this organization can be granted by adding the user to the group in the Google Workspace Admin dashboard (available only to admins of the 2i2c.org Google Workspace account).
Note that this option is only available for engineers with a
For all other projects, we will need to make a manual entry in the project’s IAM Page for the engineer’s @2i2c.org account, with
The canonical list of GCP projects we have access to is maintained in this Google Sheet.
Each 2i2c engineer should get an individual IAM User Account in every AWS account we have access to. This should have the broadest set of permissions as well, and the same set of permissions for everyone.
The canonical list of AWS accounts we have access to is maintained in this Google Sheet.