Welcome to the NET+ Amazon Web Services (AWS) wiki.
Many Internet2 member institutions take advantage of this service offering. If your institution is one of them, this wiki provides details on how to make the most of your participation in the program and interact with peers across Internet2 member institutions.
This program is open to all Internet2 higher education, affiliate and federal affiliate members as well as non-member higher education institutions. If you are looking for details on how to join the program, please visit the Sign Up Tab of the NET+ AWS webpage.
You can also find out more about the Internet2 Cloud Connect offering for AWS Direct Connect.
Service Documentation and Resources
NET+ AWS Portal Identity Guidance - For end user self service AWS account requests
- InCommon-enabled Group to role mapping for AWS Accounts
- Cloud Controls Matrix - please email email@example.com
Higher Education Cloud Vendor Assessment Tool (HECVAT) - pending
Contract and Pricing:
NET+ AWS Enterprise Customer Agreement - please email firstname.lastname@example.org
- NET+ Infrastructure and Platform Services (IPS) Program Participation Agreement and Schedule - pre-req for subscribing to NET+ AWS
Participate in our Online Community (Subscribers Only):
Institutions participating in the NET+ AWS program may take advantage of our email discussion list and Slack channel to receive curated program updates and participate in other activities and events. Please contact email@example.com to be added.
Join the AWS Community Forum (Open to all community members):
Users of AWS are encouraged to join the AWS Community Channel in the Educause Cloud Community Group Slack. See the Higher Ed Cloud Community Conversation and Additional Resources page on the Cloud Wiki for instructions to join.
Collaborate on the Cloud Wiki:
Speaking of community, did you know about the Cloud Wiki? This was created specifically for YOU, members of the higher education community, to collaborate with each other. Log in to see a Cloud Job descriptions page and contribute your knowledge!
Looking to share your latest Terraform config? Add it to the Cloud Wiki Helpful GitHub Repos list or email firstname.lastname@example.org to request access and create a repo in the Community Cloud Config GitHub organization.
Questions on Billing, AWS Orgs, or CloudCheckr:
Find answers to frequently asked questions in these Knowledge Base articles.
- Organizations - Customer On-boarding and Management
- DLT Secure Handling Of AWS Accounts And Organizations
New Accounts created through Organizations do not include Support by default. To change this to DLT Business Support, follow the instructions in How To - Change AWS Support Option
- AWS Control Tower
To prevent DLT from getting 1000 credit memos for the Data Egress Fee Waiver (DEFW) payer, the discount is built into the utilization invoice. For Universities that have their own Payers, AWS bills utilization at MSRP and then gives us credit memos for DEFW, which is shown on the face of the invoice submitted to the customer. It does not appear on the backup file. It does appear in CloudCheckr.
Key Program Updates
Subscribers may review our mailing list archives for monthly program and AWS updates.
Thanks to all who attended the training, and special thanks to Danyell Wilt and the entire AWS team for providing great content and support for answering all the questions.
The video of the session is available at:
Here are Danyell's slides:
And here are Sara Jeanes' slides:
The Q&A from the session is here:
Peter Traub, Sr Cloud Infrastructure Engineer at University of Virginia, has put together a great guide to adopting AWS Control Tower. His guide is now hosted on the NET+ AWS service page - AWS Control Tower Adoption Strategies.
Since last Spring, subscribers to NET+ AWS have had access to AWS Organizations, which provides a management framework for AWS accounts and permits administrators to apply service control policies to various Organizational Units (OUs) within their Organization.
Late last Summer, AWS announced Control Tower, a native feature for deploying accounts and enforcing Guardrails in an AWS-patterned way. This functionality was limited to deployment in a completely separate Organization, but in coordination with a small team of schools, DLT and Internet2 devised a way to deploy Control Tower. These canary schools reported back that while Control Tower can be run, most should hold off until Control Tower could be run natively in existing AWS Organizations. Today is that day.
Last night, AWS announced that Control Tower can now be run in existing AWS Organizations! While the participating schools are testing the functionality, it does appear Control Tower can be deployed within the OU of an existing Organization. The AWS team posted a blog post with additional details here: https://aws.amazon.com/blogs/field-notes/enroll-existing-aws-accounts-into-aws-control-tower/. If you are a NET+ AWS school that has deployed an AWS Organization, you should be able to test out the functionality today. We would highly encourage you to attend the bi-weekly AWS Orgs and Control Tower call to trade notes with your colleagues and share the pitfalls. We have also, on more than one occasion, found a bug that collided with common higher ed deployment patterns and needed to be reported back to AWS Engineering.
If you would like to attend the call, or request an AWS Organization for your university, please reach out!
The NET+ AWS Advisory Board, DLT, and Internet2 have worked over the last few months to update the subscriber Enterprise Customer Agreement (ECA). The ECA was last updated in 2017 to include a Business Associates Agreement (BAA) in the program.
With this update now available, subscribers can access professional services from any participating Partner in the AWS Partner Network. To minimize the hurdles of engaging a Partner, these services can be accessed directly via Statements of Work delivered by DLT under this Agreement. Additionally, the BAA now includes a direct link to all HIPAA eligible services and no longer restricts HIPAA workloads to dedicated instances. To make use of these new features, subscribers will need to execute a new ECA. Please email email@example.com to get that process started.
We welcome you to join us on biweekly community calls. Our Wednesday morning call focuses on the technology and tactics of running AWS at scale. Our Thursday call deep dives on the technical particulars of Organizations and Control Tower.
Reach out to firstname.lastname@example.org to be added to the invites.
The following topics are planned for the Wednesday Technology and Tactics call:
- 3/25 - A review of IPv6 on AWS
- 4/8 - A facilitated conversation on AWS Educate
Hope you can join us!
The great thing about AWS Re:Invent is that all the sessions get posted to YouTube 48 hours after they happen. These two sessions are especially relevant to NET+ AWS subscribers. Thanks to Mark Larsen for flagging these.
Architecting security & governance across your landing zone (SEC325-R2) (aka AWS Orgs OU configuration recommendations)
Feel free to post additional session videos in the comments below.
NET+ AWS is widely adopted by Internet2 higher education members, but is also available to Affiliates and Federal Affiliates. NET+ AWS is also available to Regional Networks for their own use (i.e. not for resale). Inquiries can be sent to email@example.com.
The NET+ AWS community team is happy to announce integration of Control Tower functionality with NET+ AWS, and feature parity with direct-deployed Control Tower implementations. NOTE: Control Tower requires the setup of a completely new Organization and does not currently support merging multiple Organizations, so if you have existing AWS accounts we recommend either deploying Landing Zones or waiting until the AWS feature launch of existing account migrations (expected for the second half of 2019). Please reach out to firstname.lastname@example.org if you would like to join the Control Tower Beta.
Now that more than 20 campuses have deployed AWS Organizations through the NET+ AWS program, we are officially declaring AWS Organizations generally available. Community members have developed the set of knowledge base articles below and are creating a set of recommended Service Control Policies (SCPs) in the Community Cloud Config GitHub organization. Please reach out to email@example.com if you would like to deploy an AWS Organization.
NET+ AWS Service Advisory Board (SAB) Membership
- (Chair) Gerard Shockley, Boston University
- Cornelia Bailey, University of Chicago
- Asbed Bedrossian, University of Southern California
- Scott Kirner, University of Notre Dame
- Bob Flynn, Indiana University
- Sarah Christen, Cornell University
- Jim Jokl, University of Virginia
- Damian Doyle, University of Maryland Baltimore County
- Jeff Gumpf, Case Western Reserve University
- Jeff Schneider, College of the Ozarks
- Sara Jeanes, Internet2, Staff Liaison
- Mike Cannady, AWS, Staff Liaison
To Contact the Service Advisory Board
NET+ AWS Advisory Board Goals
- Internet2 NET+ Service Management firstname.lastname@example.org
- DLT Customer Team email@example.com
- DLT Ops Team
- Internet2 Program Manager: Sara Jeanes firstname.lastname@example.org
Send Feedback or Submit a Feature Request:
The NET+ AWS program is managed by an Internet2 program manager with the support of the NET+ AWS Service Advisory Board.
The NET+ AWS Service Advisory Board reviews and prioritizes community feature requests on a periodic basis. Feature requests may be submitted to email@example.com.