Access & Governance
Authentication
All platform services authenticate through AWS Cognito (auth.nhic.moh.gov.rw). For Kubernetes-hosted services, Cognito tokens are bridged to the cluster via OAuth2/Dex (sso.nhic.moh.gov.rw).
| Service | URL |
|---|---|
| GreenRiver | nhic.moh.gov.rw |
| Superset | superset.nhic.moh.gov.rw |
| ArgoCD | gitops.awseks.rhos.africa |
| Auth | auth.nhic.moh.gov.rw |
User groups
Groups are managed in AWS Cognito and synced to Kubernetes via the rbac Helm chart.
Kubernetes
| Group | Access Level |
|---|---|
| k8s-admins | Full cluster admin |
| k8s-read-write | Deploy and manage workloads |
| k8s-readonly | Read-only cluster access |
Requesting access
Access is provisioned by a Platform Admin via the AWS Cognito user pool. To request access, open an issue in the internal platform tracker with:
- Your MoH email address
- The service you need access to
- The group that matches your role (see tables above)
- Your team lead or line manager for approval