How do I open a self-service AWS account?
You can submit a request for an account using our Research Computing/Storage Request form on the myHelpdesk site.
What can I use an AWS self-service account for?
AWS accounts can be useful for several types of scenarios, including, but not limited to: developing and testing environments, running data for research or experimentation, creating hands-on training environments, innovating and prototyping proof-of-concepts, and for managing Agile and DevOps practices.
Are there any limitations on using an institutional AWS account?
Self-service cloud accounts are not intended for sensitive or confidential data. There are guidelines and access controls that are not in place to prevent unauthorized access or accidental exposure of sensitive information.
Accounts are also not suitable for hosting critical production systems or applications without proper governance and oversight. Mission-critical applications and systems may require specialized infrastructure, high availability, and more stringent operational processes that necessitate centralized management and monitoring.
For more information, please review our Cloud and AWS security standards.
Why should I open an AWS self-service account with ITS rather than directly with Amazon?
ITS would still provide a centralized oversight function. This ensures governance, compliance, and alignment with organizational policies and standards.
What am I responsible for should I manage an AWS self-service account?
- Resource Lifecycles: Self-service cloud accounts should not neglect resource lifecycle management. Users are responsible for properly managing and decommissioning resources they no longer require. Abandoned or underutilized resources can result in unnecessary costs and security vulnerabilities.
- Monitoring and Logging of resources: Monitoring and logging are essential for detecting and mitigating issues, identifying performance bottlenecks, and ensuring security. Self-service cloud accounts should include proper monitoring and logging practices to enable visibility into resource utilization, system health, and security events.
- Resource or application patching: Patching within the self-service accounts is the responsibility of the account owner.
Do I need cloud expertise to use cloud services offered by ITS?
This depends on the specific cloud service. In general:
- SSOD: No expertise required.
- Managed: Some understanding is helpful, but support is extensive.
- Co-Managed: Yes, basic cloud technical knowledge is required, and the request should be submitted with a signed attestation form.
What are the cost differences between cloud service models?
- SSOD: Cloud cost + 25%
- Managed: Cloud cost + 40%
- Co-Managed: Cloud cost + 5.15%
Who manages the infrastructure and support of ITS' cloud service options?
- SSOD: Fully managed by a dedicated support team.
- Managed: Managed by an extended Cloud Team (Cloud, Security, Ops, etc.).
- Co-Managed: You manage it, with basic infra support from the Cloud Team with fee.
Can I use PHI/PII data in any of our cloud service models?
Yes, all SSOD, Managed, and Co-Managed cloud accounts support PHI/PII data and comply with NIST 800-53 rev 5 and AWS Guardrails. However, for Co-Managed solutions, security attestation form needs to be submitted.
What are some example use cases for each cloud service model?
- SSOD: Standalone EC2, S3, RDS.
- Managed: Elastic Beanstalk, Lambda, Glue, RedShift, SageMaker.
- Co-Managed: SDS, App Dev, Security accounts, Insight, Recover.