Rules for getting production access
These rules apply to developers, SREs, and technical architects in the GOV.UK programme.
What production access means
We have two types of production access:
Production Deploy access
This level of access allows engineers to deploy code but not administer admin related systems. It should be granted to both civil servants and contractors as needed.
Access includes:
- Permission to deploy apps in Jenkins via the GOV.UK Production Deploy Github team
- Permission to merge pull requests in continuously deployed applications
- Readonly access to logging systems such as Logit, etc.
- AWS readonly access via the
role_user_user_arnsrole in Staging and Production - “Normal” role in to GOV.UK Signon on Staging and Production (with app permissions granted as needed)
The steps above are outlined in the GOV.UK Production Deploy template Trello card, which can be copied to your team’s board and carried out by developers. You can ask 2nd line for help if you have any access issues.
When you get Production Deploy access
Access should be granted at the discretion of the engineer’s tech lead, once the engineer has the required level of security clearance (BPSS). Before approving access, tech leads should ensure that the engineer:
- is aware of our processes and standards around code review
- understands the responsibilities that releasing code brings with it
- knows how to roll back to an older release if there are any issues
- knows how to get help from someone with more access if they need it
Production Admin access
- Permission to read & write production and staging hieradata in govuk-secrets using GPG
- Permission to read & write to the password store in govuk-secrets store using GPG
- Access to Production Deploy Jenkins and Staging Deploy Jenkins to deploy applications via the GOV.UK Production GitHub team
- SSH access to production and staging servers via govuk-puppet
- AWS PowerUser Access via the
role_poweruser_user_arnsrole - Google Cloud Platform (GCP) access to role to manage static mirrors and DNS
- Signon “Super Admin” access in production
- GOV.UK PaaS Space developer and
Org manageraccess to all spaces in the govuk_development and data-gov-uk organisations
The steps above are outlined in the GOV.UK Production Admin template Trello card, which is normally given whilst on 2nd line.
When you get Production Admin access
- Temporary supervised access during two Technical 2nd Line shadow shifts (GOV.UK developers only)
- Supervised access during the second shadow shift and probation has been passed
- A minimum of BPSS (a blue building pass) security clearance
- Permanent access once two shadow shifts have been completed
“Supervised” means “we trust you, but just be extra careful,” and the dev should ensure they’re getting necessary and appropriate support from their team and tech lead during this time. The tech lead of the mission team is responsible for the supervision, whether it’s by them or the team.
What is temporary supervised Production Admin access?
Admin access to production may be granted to GDS civil servants or contractors who don’t meet the criteria above for a time limited period. In these cases, we require:
- A minimum of BPSS (a blue building pass) security clearance
- Approval from a Lead Developer or the Head of Technology
- Access to be removed at the end of the time limited period
- Supervision to be given by a production cleared person during access
- Agreement from the person that they will only use their access while supervised. We trust our staff to be sensible and operate within these rules.
Temporarily revoking access
If you’re absent more than 6 weeks, your access will be revoked. See the Trello leaver template card for the steps.