ITS offers self-service cloud accounts via Amazon Web Services (AWS) for users who are interested in managing their own cloud resources without direct involvement from our technicians. This option allows you to have more autonomy over your data and resources, while still benefitting from features like adherence to institutional data management policies, cost control, and security protocols. ITS does not manage your account, but does have limited access as needed to monitor your resource usage, and ensure your account is compliant with all of our policies.
Cloud for Co-Managed Solutions empowers you to experiment and innovate rapidly. You can quickly spin up and tear down resources, test new technologies or applications, and iterate on solutions without relying on external teams or undergoing lengthy approval processes.
This service is only available to users who meet a certain level of cloud technical management knowledge.
Direct support from Amazon is also included in self-managed accounts.
View and compare our various storage options to find the best solution for your needs.
What's Included
- Complete account management: Independently manage your AWS account through a self-service portal, including billing and payment information, access controls, and account preferences.
- Resource provisioning: Provision and manage your own cloud resources, such as virtual servers (EC2 instances), databases (RDS), and storage (S3).
- Cost & budget control: Self-service accounts include monitoring to control costs like budget alerts to track resource usage and stay within allocated budgets.
- Security & access control: Have complete control over who has access to your resources by configuring your permissions, security groups, and encryption. Note that ITS does monitor for compliance with centralized security policies.
- Collaboration & sharing: Share resources and collaborate with other team members within the organization only.
Cloud Services Comparison Table
Features | Standard Solutions on Demand (SSOD) | Managed Solutions | Co-Managed Solutions |
---|---|---|---|
AWS Account Type | Shared | Dedicated | Dedicated, non-production, sandbox |
Solution Complexity | Low | Medium/High | Any |
Scope | Stand-alone AWS EC2, S3, RDS | Non-standard apps or services, internally-developed solutions, cloud improvement | Research-focused |
Security Access Control | No console access, role-based CLI/Shell/RDP | Limited console access, role-based CLI/Shell/RDP | Console + CLI/Shell/RDP access, restricted IAM/Billing |
Compliance Standards | NIST 800-53 rev 5, AWS Guardrails, Policy Boundaries | NIST 800-53 rev 5, AWS Guardrails, Policy Boundaries | NIST 800-53 rev 5, AWS Guardrails, Policy Boundaries |
Supported Data Types | All (PHI / PII included) | All (PHI / PII included) | All (PHI / PII included) with required Security attestation |
Support Group | Dedicated support team | Extended cloud team/white-glove support services | End users, ad-hoc basic infrastucture support |
Services Provided | Provisioning, monitoring, patching, billing support | All SSOD services + consultation, migration, HA/DR, cost optimization | Account provisioning, service enablement, network connectivity, monitoring *Consultation is available for $150/hour |
Request Method | myHelpdesk | myHelpdesk | myHelpdesk |
User Responsibility | Minimal | Minimal | Sign agreement, show cloud knowledge, comply with standards |
Who Can Request | Authorized personnel | Authorized personnel | Authorized personnel |
Rate | Cloud usage fee + 25% | Cloud usage fee + 40% | Cloud usage fee + 5.5% *Consultation is available for $150/hour |
Use Case Examples | Standalone EC2 instances w/ or w/o ALB (ex: New relic / Halo), Standalone S3 buckets, Standalone RDS instances | Containerized solutions, PaaS like Elastic beanstalk, serverless solutions (Lambda), Analytics (Glue, Athena, RedShift, EMR), Machine Learning / AI (Sagemaker, Bedrock, Amazon Q) | Accounts for SDS, App Dev, Security; Insight, Recover, knitdema |
Cost and Fees
Current pricing for this service is available on our Rates page under the “Cloud Services."
Service Requirements
Unless approved by WCM’s Security team, co-managed accounts cannot host moderate-risk or high-risk data. Cloud for Managed Solutions are strongly recommended for mid-risk or high-risk data usage.
Frequently Asked Questions
How do I open a self-service AWS account?
You can submit a request for an account using our Research Computing/Storage Request form on the myHelpdesk site.
What can I use an AWS self-service account for?
AWS accounts can be useful for several types of scenarios, including, but not limited to: developing and testing environments, running data for research or experimentation, creating hands-on training environments, innovating and prototyping proof-of-concepts, and for managing Agile and DevOps practices.
Are there any limitations on using an institutional AWS account?
Self-service cloud accounts are not intended for sensitive or confidential data. There are guidelines and access controls that are not in place to prevent unauthorized access or accidental exposure of sensitive information.
Accounts are also not suitable for hosting critical production systems or applications without proper governance and oversight. Mission-critical applications and systems may require specialized infrastructure, high availability, and more stringent operational processes that necessitate centralized management and monitoring.
For more information, please review our Cloud and AWS security standards.