Table of contents

Set up your AWS account

To work with govuk-aws and govuk-aws-data, you will require an account in AWS.

If you already have an AWS user associated with a different team’s account, you can continue using it to log in to the AWS console, and then switch roles where necessary.

1. Request a GDS AWS account

GDS maintains a central account for AWS access. You will need to request an account from the Technology and Operations team.

πŸ‘‰ Request an account

2. Sign in to AWS

To sign in, go to the GDS AWS Sign page, and use the following credentials:

  • “Account ID or alias”: gds-users
  • Username: your email address
  • Password: your password

πŸ‘‰ Sign in to AWS GDS account

3. Set up your MFA

You have to set up Multi-Factor Authentication (MFA).

  1. Sign in to AWS GDS account
  2. Select or go to IAM service.
  3. Click on “Users” in the menu bar on the left hand side
  4. Enter your name
  5. Click on the link for your email address
  6. Click on the security credentials tab
  7. Click on the “Manage” link next to “Assigned MFA device”
  8. Follow the steps to set up your MFA device

Changing your MFA device

Follow steps 1 - 7 in Set up your MFA. Then:

  1. Choose one of the two options (Remove or Resync)
  2. Click on the “Manage” link next to “Assigned MFA device”
  3. Follow the steps to set up your MFA device

4. Get the appropriate access

An account in AWS doesn’t give you access to anything, you’ll need to be given rights.

Add yourself to a lists of users found in the data for the infra-security project. There are 4 groups:

  • govuk-administrators: people in Reliability Engineering who are working on GOV.UK infrastructure, Architects and Lead Developers of GOV.UK and anyone else working on the AWS migration
  • govuk-powerusers: anyone else who can have production access on GOV.UK
  • govuk-platformhealth-powerusers: as above but for members of the GOV.UK Platform Health team
  • govuk-users: anyone else who needs integration access on GOV.UK

The identifier you need to add is called the “User ARN”. You can find this by going to the users page in AWS IAM and selecting your profile.


After your PR has been merged, someone from the govuk-administrators group needs to deploy the infra-security project.

πŸ‘‰ Deploy AWS infrastructure with Terraform

5. Do your thing πŸš€

You can now:

πŸ‘‰ Access the AWS console

πŸ‘‰ Use AWS on the command line

This page was last reviewed . It needs to be reviewed again by the page owner #govuk-2ndline.