AWS Account Provisioning

The University of Pennsylvania maintains an AWS@Penn Organization umbrella under which we manage AWS accounts created since August 2020. CETS originally created AWS accounts with Basic Support under the SEAS umbrella Organization which are NOT integrated into AWS@Penn, but can be transitioned to the AWS@Penn Organization upon request.

Please note: AWS is NOT associated with any of the SEAS HPC clusters, which are mentioned in other sections of this site.

Benefits of AWS@Penn integration

  • Security: PennKey Single Sign-On convenience (with Multifactor Authentication), and compliance peace of mind (https://www.isc.upenn.edu/security/data-box-amazon)
  • Support: Gain access to AWS Enterprise Support
  • Simplicity: Centralized billing (business office handles accounting and charges directly to budget / grant; no need to supply your personal credit card information)
  • Spending Reduction: The University’s Data Egress Waiver provides refunds for 100% of global data egress costs so long as those costs represent 15% or less of the overall organization’s spend with AWS.

Requests

If you wish to open a new AWS account for SEAS supported activity, please provide the following four required pieces of information in an e-mail to aws-help@seas.upenn.edu:

  • Account Nickname
    • RESEARCH GROUPS: A short name for this account related to your research project (e.g. robot-ai), all letters, numbers, and dashes, starting with a letter. NOTE: this should not be an e-mail address. If you do not provide one, we will use your PennKey username by default.
    • COURSES: DEPT-COURSE# (e.g. cis-565)
  • Funding Source (a.k.a. “Budget Name/Code”)
    • (either grant or fund name or 26 digit numeric code starting with 130-)
    • This funding source will be charged for all expenses incurred by this AWS account, intentional or otherwise
    • Please obtain faculty chair approval if this is an academic request for courses
    • This is required even if AWS has given you credits toward usage; the funding source will only be charged if you exhaust the provided credits
  • PennKey username(s) of whomever needs to login to the AWS account
  • Name of faculty advisor / PI who is responsible for the activity of this account; if this is not you, please CC: that responsible party when sending in your request
  • Penn Data Risk Classification  (high, moderate or low) based on the level of data sensitivity, government regulations, and the University policies 

Expectations

You will be provided with:

  • ACCESS: a URL which lets you login to the AWS@Penn portal with your PennKey username and password
  • ENTERPRISE SUPPORT: directions for logging in and obtaining support from AWS

You will be responsible for:

  • EXPENSES: all costs associated with using AWS resources under this account
  • SYSTEMS ADMINISTRATION: this AWS account is being provided as an Infrastructure as a Service (IaaS), where you are responsible for installing and configuring an OS on your compute instances and any required software
  • LICENSING: acquiring, contracting, or linking to existing licenses for any software used by your AWS resources
  • MONITORING: monitoring and adjusting resource usage to ensure you do not overrun your expense limits
  • SECURITY: maintaining security of any resources (including, but not limited to, security patches for operating systems, secure permissions for data, secure policies for administrative access, secure network controls)
  • POLICY: abiding by the Acceptable Use of Electronic Resources policy

Please allow at least three business days from receipt of request (or final budgetary approval if required) to availability of account.

Funding Source (Budget Name / Code)

Cost estimation can be a very complex issue for cloud services. They even have applications built around this process, but they all require that you have a foundational understanding of how your problem space maps to your expected usage of the provider’s various services. AWS, for example, has a large matrix of services and service models , and in order to estimate your expected costs, you would have to take each service’s price rate for the specific level(s) of service you require (e.g. EC2: which model(s) of virtual machines you request, S3: how much data gets pulled back out of AWS, network utilization, etc.) and multiply by your expected usage rates per month.

When we ask for a budget, we do not expect you to know the above answer, but rather we are asking for which account will be charged for your expenses, expected or otherwise. If the requester of an AWS account is not the PI, then we assume PI approval has already been obtained and they would know which budgetary account they wish to use to pay for the cloud service. You may need to tell them how much you expect / plan to use in order for them to approve this ongoing expense (even if you stop “using” your AWS account, we will continue to be charged until all resources are shut off and deleted).

What is “AWS Educate”? (OBSOLETE)

AWS Educate was an independent program that allowed faculty to register their course(s) with AWS. In return, they could set up specially constrained student activity accounts with a starting amount of credit for their course(s) each semester. The faculty member was then responsible for requesting additional credits should a student go over the initial allotment. AWS Educate accounts could be integrated with independent AWS@Penn accounts, and cannot access AWS Marketplace products (such as GPU enabled AMIs).

AWS has replaced this program with AWS Academy, more to come on this as we sort through the changes and what they mean to users.