Skip to content Skip to site navigation

Guide to Stanford AWS Setup

Learn how to set up and manage your AWS account

Before you set up an AWS Account

Review these considerations before you set up an AWS account:

  • Learn about AWS costs. Costs can accrue quickly in an AWS account. If you are new to AWS, you may want to use the AWS Pricing Calculator to learn about cost before you submit your request and start to use your new account.
  • Decide how to manage your AWS account. You can choose to manage the AWS account yourself or, if you have a support agreement with another group, you can have that group manage the account in AWS. Choose the appropriate options on the request form for either scenario.
  • Learn how AWS accounts are named. A naming convention is followed for AWS account names. The request form will automatically present a prefix for your account and you can choose the remainder of the account name.
  • Plan for AWS compliance requirements. AWS compliance requirements vary based on the types of data you will be using or storing in your account. AWS is authorized for use with High Risk Data ONLY when the AWS account is in compliance with the Minimum Security Standards for Infrastructure-as-a-Service (IaaS) and Containerized Solutions, the Administrative Guide Section 6.3.1: Information Security, and other regulatory requirements. If you are using High Risk Data with AWS, you must complete a Data Risk Assessment.

How your new AWS account is configured

Access to your AWS account is managed via Stanford workgroups. When your AWS account is created, three Stanford workgroups are automatically created. Contacts you entered on the request form are automatically added to those workgroups.

AWS Identity and Access Management (IAM) roles are granted based on the Stanford workgroup membership. The following chart shows who is assigned to each workgroup.

AWS IAM Role AWS IAM Role Description Stanford Workgroup Requester Account Owner Primary Technical Contact Alternate Technical Contact Primary Billing Contact
admin Allows all actions for all AWS services and for all resources in the account AcctNo-admin      
billing Allows full permissions for managing billing, costs, payment methods, budgets, and reports AcctNo-billing      
operations Power User access AcctNo-operations  

The Stanford workgroups are created with these parameters:

Stanford Workgroup Stanford Workgroup Admin Nesting allowed Member List viewable by
<YourAcctNo>-admin Only System Admin No Admins only
<YourAcctNo>-billing Only System Admin No Admins only
<YourAcctNo>-operations Primary Technical Contact
Alternate Technical Contact
Yes Any user

You can add and delete members of the operations workgroup as you see fit. If you need to change the membership of the admin or billing workgroups, submit a Help ticket  and list the members you want to add or remove.

How to secure data in your AWS account

You must adhere to the Minimum Security Standards for Infrastructure-as-a-Service (IaaS) and Containerized Solutions and the Administrative Guide Section 6.3.1: Information Security for all data used or stored in your AWS account.

AWS is suitable for Low, Moderate and High Risk Data and all AWS service offerings are available for use.

AWS is authorized for use with High Risk Data ONLY when the AWS account is in compliance with the Minimum Security Standards and any other regulatory requirements and a Data Risk Assessment is completed.

How to access your AWS account

Once your AWS account is created, you will receive an email confirming the creation of your new AWS account. The email also provides you with a login link that takes you to your new AWS account using Single Sign-On (SSO).

How AWS accounts are billed

Before you place your request for a new AWS account, you MUST obtain authorization from a valid approver for each Stanford Project-Task-Award (PTA) you plan to use.

While we will not hold the provisioning of the account for PTA approval, the approver you select will be required to confirm their approval once the request is submitted. The PTA approver(s) must agree to accept all charges incurred until such time as the PTA approver terminates approval, the service has been cancelled, or the PTA has been removed from the service.

Check valid approvers for a PTA you are planning to use prior to submitting your request.

Once your AWS account is created and in use, you can view usage information on the AWS Management Console in the Billing area (see below).

AWS console

If you want to view billing information for past months that have already been charged to PTA(s), you can use the UIT Billing Dashboard. You can find information in this quick guide about how to navigate this tool. If you need help you can reach out to the UIT Revenue Operations team.

How to learn more about AWS accounts

UIT Technology Training offers multiple online training solutions to learn about specific cloud computing environments, such as Cloud Academy and LinkedIn Learning. Cloud Academy requires the purchase of a monthly or annual license, and LinkedIn Learning is free for anyone with a full-service SUNet ID.

Cloud Providers (AWS, GCP) also offer training, both free and for a fee.