DDC AWS Environment

DDC-Dev AWS Account/Environment

This account was provisioned by Roche and delegated to ACE for infrastructure and application management.

  • AWS Account #: 951412642259
  • AWS Account Name: AWS_ENT_B_ACEDDCDV_2026848

AWS Access Procedures

  1. Go to Roche’s Prod WAM Authentication portal
  2. Log in using your Unix ID. Note that your account must have 2FA enabled using the Entrust app. Request access to the Entrust app here.
  3. You will be asked to select a role. Depending on your permissions, you may see multiple roles. Select the relevant role you need and continue.
  4. Once you are logged in, you need to switch roles. Click on your user name in the top left-hand corner and select Switch Roles.
  5. Under Account, enter the account ID from above (951412642259). Based on the role you need access to, follow the instructions below to complete the assume-role process.

Dev Admin Access

This is full admin access to the AWS account and should be used in a limited fashion.

  1. For Role, enter the following exactly as is: GLOAWS_Cloud_Contributor
  2. For Display Name, enter any name that is descriptive enough for you to know the purpose of this AWS account. An example display name is: ddc-dev-admin

Dev Read Only / Security Auditor Access

This allows full read-only access and security auditor access to the AWS account and should be used in a limited fashion. It also allows reading all CloudWatch log groups.

  1. For Role, enter the following exactly as is: GLOAWSACEDDCDV_Readers
  2. For Display Name, enter any name that is descriptive enough for you to know the purpose of this AWS account. An example display name is: ddc-dev-readonly

Dev Power Users Access

This allows the same permissions as the power user role in AWS, but is limited to only the eu-west-1 region.

  1. For Role, enter the following exactly as is: GLOAWSACEDDCDV_PowerUsers
  2. For Display Name, enter any name that is descriptive enough for you to know the purpose of this AWS account. An example display name is: ddc-dev-powerusers

The reference document from Roche for access guidelines can be found here.

For generic GIS support (e.g. programmatic user creation, enterprise support activation, account decommission, rights or access support), please open a ticket in ServiceNow (IT access) by clicking here or from the Service Portal (end user access), here.

DDC-Prod AWS Account/Environment

This account was provisioned by Roche and delegated to ACE for infrastructure and application management.

  • AWS Account #: 550146336092
  • AWS Account Name: AWS_ENT_B_ACEDDCPRD_2129961

AWS Access Procedures

  1. Go to Roche’s Prod WAM Authentication portal
  2. Log in using your Unix ID. Note that your account must have 2FA enabled using the Entrust app. Request access to the Entrust app here.
  3. You will be asked to select a role. Depending on your permissions, you may see multiple roles. Select the relevant role you need and continue.
  4. Once you are logged in, you need to switch roles. Click on your user name in the top left-hand corner and select Switch Roles.
  5. Under Account, enter the account ID from above (550146336092). Based on the role you need access to, follow the instructions below to complete the assume-role process.

Admin Access

This is full admin access to the AWS account and should be used in a limited fashion.

  1. For Role, enter the following exactly as is: GLOAWS_Cloud_Contributor
  2. For Display Name, enter any name that is descriptive enough for you to know the purpose of this AWS account. An example display name is: ddc-prd-admin

Read Only / Security Auditor Access

This allows full read-only access and security auditor access to the AWS account and should be used in a limited fashion. It also allows reading all CloudWatch log groups.

  1. For Role, enter the following exactly as is: GLOAWSACEDDCPRD_Readers
  2. For Display Name, enter any name that is descriptive enough for you to know the purpose of this AWS account. An example display name is: ddc-prd-readonly

Prod Power Users Access

This allows the same permissions as the power user role in AWS, but is limited to only the eu-west-1 region.

  1. For Role, enter the following exactly as is: GLOAWSACEDDCPRD_PowerUsers
  2. For Display Name, enter any name that is descriptive enough for you to know the purpose of this AWS account. An example display name is: ddc-prd-powerusers

ACE Provisioning Specs

Troubleshooting

“Your request included an invalid SAML response. To logout, click here”

If you experience this issue, it’s likely you’re not in the prerequisite group for accessing the account. You must be a member of GLOAWSACEDDCDV_Contributors. You can confirm your group membership using Roche’s RADA Service.