Amazon Web Services

Amazon Web Services (AWS) is a broad set of commercial compute, storage, database, analytics, application, and deployment services. These services are hosted in Amazon’s cloud through a pay-as-you-go pricing model.

Things to Keep in Mind

AWS is a paradigm shift.

Using AWS effectively requires re-thinking how you deploy services and un-learning how you’ve managed systems in the past. The internet is a helpful resource for learning from other people’s experiences with AWS. Some useful insights from the AWS community:

Please consult Amazon’s own published materials as well as using your favorite search engine to look for tips and information.

AWS Service Limits

When your account is created, Amazon places an initial limit on the number of AWS resources you can use. When you reach the limit, you will not be able to access additional AWS resources until you contact AWS Support and request a Service Limit increase. Amazon sets these limits to prevent new users from unintentionally requesting a large set of resources and incurring unexpected service charges.

Understand Your Security Responsibility

Always employ due care when processing, transmitting, or storing sensitive information. See the Allowable Data Use for guidance, but SSNs, credit card numbers, and other personal information must never be stored in AWS. AWS has a core set of secure services, but it is up to each user to implement appropriate security controls and to comply with applicable University policies, notably policies relating to the protection of University data and the UC Electronic Communications Policy.

HIPAA Business Associates Agreement (BAA)

There is a system-wide BAA in place between AWS and UC.  In order to cover your AWS accounts under the terms of the UC AWS Enterprise Agreement (EA) and HIPAA Business Associate Agreement (BAA), please review the overview material provided by UCOP:

AWS UCOP BAA Overview

There is an additional registration step required as noted in the Overview document and the instructions below.  This is required if your AWS account will be processing, storing, or transmitting Protected Health Information (PHI) data.

Getting Help

Each AWS account comes with free “Basic Support” as defined on the Premium Support page listed below.

AWS accounts registered with the UC agreement also have access to an AWS Solution Architect. The Solution Architect can answer general technical questions about AWS services and is available if you would like to discuss/whiteboard architecture, design, and planning for a project on AWS. The Solution Architect can assist with non-urgent technical issues you need helping debugging.

You also have the option of purchasing higher levels of support directly from Amazon.

Slides from July 2014 AWS Site Visit

Amy Hogenhout and Chad Schmutzer from UC’s AWS support team gave an on-campus presentation regarding services available to UCI.

AWS Resources

Free Hands-on Training

Qwiklab offers 9 free classes which give you 30 minutes of free access to a AWS account along with a guided instructions for completing a basic AWS task; the instructions can be downloaded as a PDF and saved for later use.  These classes are a good “ice-breaker” for someone using AWS for the first time.  You also have access to a full AWS account for 30-minutes so you can also use the time to experiment with other AWS services.

How to Sign-Up for AWS

1. Create AWS Account

First, you’ll need to create an AWS account. Please see the “Create an AWS Account” video on the “Getting Started with AWS” link.

Use a UCI Email Address
When creating an AWS account, it will be linked to an e-mail address. Please use a UCI e-mail address; do not use a non-UCI e-mail address. If you think someone else will inherit this account after you leave UCI, we recommend that you register with a group account or a mailing list with a UCI address.

Billing
Billing will be handled via a credit card. Please use your University PALcard when registering. Links are provided below for the pricing of AWS services including a simple monthly calculator for planning purposes.

2. Register AWS with OIT

After you have created your AWS account, send OIT your 12 digit AWS account number. This allows us to register your account under the University of California AWS Enterprise Customer Agreement.

Fields marked with a * are required

Confirmation
You’ll receive a confirmation message from OIT that your account has been registered. OIT will maintain a list of UCI registered AWS accounts and requestors.

3. Register AWS with PHI Data

If your AWS account will be processing, storing, or transmitting Protected Health Information (PHI) data as defined by HIPAA, you must take the additional step of registering your account under the AWS UCOP BAA. Send an e-mail to aws-hipaa@amazon.com with the following information:

  • The 12 digit AWS account ID and whether this account is an addition or removal from the BAA.
  • The name of the UC campus with which the account ID is primarily associated.
  • The name, role, and institution email address of the security point of contact for the above account ID. (This is the point of contact who would be alerted in the event of a HIPAA reportable event. Example: Jane Smith, Information Security Manager, jsmith@email.edu)

Once AWS has replied back that the request has been fulfilled, retain this email as confirmation of your request being completed.