Learn how to set up and manage your AWS account
Review these considerations before you set up an AWS account:
Access to your AWS account is managed via Stanford workgroups. When your AWS account is created, three Stanford workgroups are automatically created. Contacts you entered on the request form are automatically added to those workgroups.
AWS Identity and Access Management (IAM) roles are granted based on Stanford workgroup membership. The following chart shows who is assigned to each workgroup.
AWS IAM Role | AWS IAM Role Description | Stanford Workgroup | Requester | Account Owner | Primary Technical Contact | Alternate Technical Contact | Primary Billing Contact |
---|---|---|---|---|---|---|---|
admin | Allows all actions for all AWS services and for all resources in the account | AcctNo-admin | |||||
billing | Allows full permissions for managing billing, costs, payment methods, budgets, and reports | AcctNo-billing | |||||
operations | Power User access | AcctNo-operations |
The Stanford workgroups are created with these parameters:
Stanford Workgroup | Stanford Workgroup Admin | Nesting allowed | Member List viewable by |
---|---|---|---|
<YourAcctNo>-admin | Only System Admin | No | Admins only |
<YourAcctNo>-billing | Only System Admin | No | Admins only |
<YourAcctNo>-operations | Primary Technical Contact, Alternate Technical Contact | Yes | Any user |
You can add and delete members of the operations workgroup as you see fit. If you need to change the membership of the admin or billing workgroups, submit a Help ticket and list the members you want to add or remove.
You must adhere to the Minimum Security Standards for Infrastructure-as-a-Service (IaaS) and Containerized Solutions and the Administrative Guide Section 6.3.1: Information Security for all data used or stored in your AWS account.
AWS is suitable for Low, Moderate and High Risk Data, and all AWS service offerings are available for use.
AWS is authorized for use with High Risk Data ONLY when the AWS account is in compliance with the Minimum Security Standards and any other regulatory requirements and a Data Risk Assessment is completed.
You can access your account by going to awsconsole.stanford.edu.
Before you place your request for a new AWS account, you MUST obtain authorization from a valid approver for each Stanford Project-Task-Award (PTA) you plan to use.
While we will not hold the provisioning of the account for PTA approval, the approver you select will be required to confirm their approval once the request is submitted. The PTA approver(s) must agree to accept all charges incurred until such time as the PTA approver terminates approval, the service has been cancelled, or the PTA has been removed from the service.
Check valid approvers for a PTA you are planning to use prior to submitting your request.
Once your AWS account is created and in use, you can view usage information on the AWS Management Console in the Billing area (see below).
If you want to view billing information for past months that have already been charged to PTA(s), you can use the UIT Billing Dashboard. If you need help, you can reach out to the UIT Revenue Operations team.
UIT Technology Training offers multiple online training solutions to learn about specific cloud computing environments, such as Cloud Academy and LinkedIn Learning. Cloud Academy requires the purchase of a monthly or annual license, and LinkedIn Learning is free for anyone with a full-service SUNet ID.
Cloud Providers (AWS, GCP) also offer training, both free and for a fee.