Welcome to the NET+ Amazon Web Services (AWS) wiki.
Many Internet2 member institutions take advantage of this service offering. If your institution is one of them, this wiki provides details on how to make the most of your participation in the program and interact with peers across Internet2 member institutions.
This program is open to all Internet2 higher education, affiliate and federal affiliate members as well as non-member higher education institutions. If you are looking for details on how to join the program, please visit the Sign Up Tab of the NET+ AWS webpage.
You can also find out more about the Internet2 Cloud Connect offering for AWS Direct Connect.
Service Documentation and Resources
NET+ AWS Portal Identity Guidance - For end user self service AWS account requests
- InCommon-enabled Group to role mapping for AWS Accounts
- Cloud Controls Matrix - please email email@example.com
Higher Education Cloud Vendor Assessment Tool (HECVAT) - pending
Contract and Pricing:
NET+ AWS Enterprise Customer Agreement - please email firstname.lastname@example.org
- NET+ Infrastructure and Platform Services (IPS) Program Participation Agreement and Schedule - pre-req for subscribing to NET+ AWS
Participate in our Community Conversation (Subscribers Only):
Institutions participating in the NET+ AWS program may take advantage of our email discussion list and Slack channel to receive curated program updates and participate in other activities and events.
We also host bi-weekly AWS Technology & Tactics calls where campus cloud enablement professionals, cloud engineers and developers meet to discuss their challenges, share lessons learned and collaborate to find the best answers for their institutions' AWS deployment.
Please contact email@example.com to be added to any of these conversations.
Join the AWS Community Forum (Open to all community members):
Users of AWS are encouraged to join the AWS Community Channel in the Educause Cloud Community Group Slack. See the Higher Ed Cloud Community page on the Cloud Wiki for instructions to join.
Collaborate on the Cloud Wiki:
Speaking of community, did you know about the Cloud Wiki? This was created specifically for YOU, members of the higher education community, to collaborate with each other. Log in to see a Cloud Job descriptions page and contribute your knowledge!
Looking to share your latest Terraform config? Add it to the Cloud Wiki Helpful GitHub Repos list or email firstname.lastname@example.org to request access and create a repo in the Community Cloud Config GitHub organization.
Questions on Billing, AWS Orgs, or CloudCheckr:
Find answers to frequently asked questions in these Knowledge Base articles.
- Organizations - Customer On-boarding and Management
- DLT Secure Handling Of AWS Accounts And Organizations
New Accounts created through Organizations do not include Support by default. To change this to DLT Business Support, follow the instructions in How To - Change AWS Support Option
- AWS Control Tower
To prevent DLT from getting 1000 credit memos for the Data Egress Fee Waiver (DEFW) payer, the discount is built into the utilization invoice. For universities that have their own Payers, AWS is billing utilization at MSRP and then giving us credit memos for DEFW, which is shown on the face of the invoice submitted to the customer. It does not appear on the backup file. It does appear in CloudCheckr.
Key Program Updates
Subscribers may review our mailing list archives for monthly program and AWS updates.
NET+ AWS by DLT Newsletter
Here is our latest NET+ AWS program newsletter. This newsletter contains 5 sections including: program news and notes, community events, AWS feature releases, general updates from Internet2 and general updates from DLT.
News and Notes
AWS SSO & Grouper: Seeking Additional Participants
This group is exploring best practices in the use of Grouper with AWS to manage roles and permissions within the AWS environment. The current goals are to document the best practices, including sharing working examples, to identify gaps and propose future work to fill them. If you are interested in participating, please contact Oren Sreebny (email@example.com).
AWS Technology and Tactics calls
For the past year there have been two regular calls on specific AWS technology topics: AWS Organizations and AWS Control Tower. For 2021 we have replaced those calls with a single bi-weekly call on AWS Technology and Tactics. The goal is to have a regular discussion forum for subscribers implementing AWS in the NET+ program, along with colleagues from AWS and DLT, to discuss the technical topics of interest to them. If you are interested in participating in these calls, please contact Oren Sreebny (firstname.lastname@example.org).
Welcome new NET+ AWS Service Advisory Board Members
Join us in welcoming The Pennsylvania State University and the J. Paul Getty Trust to the NET+ AWS SAB. They are represented by Rick Rhoades and David Lacey respectively. We also welcome Chris Manly replacing Sarah Christen representing Cornell University and James Bennett replacing Bob Flynn at Indiana University. See the full list of SAB members and how to contact them on the NET+ AWS service page https://spaces.at.internet2.edu/pages/viewpage.action?pageId=158663221
Community Stories and Events
Kevin Murakoshi’s Re:Invent Recap
On January 26 Kevin Murakoshi from AWS held a session where he went over announcements from Re:Invent 2020 that he thought were of potential interest to higher education. The recording of the event and Kevin’s slides are available here: https://drive.google.com/drive/folders/1WtZS89vMsRqyeFHxzcwFJz5x3qja9HyI?usp=sharing
I2 Online: Self-service research environments
An upcoming I2 Online event will explore two new AWS-based services that enable campuses to manage self-service environments for researchers. Parice Brandies and Nathan Albrighton will speak about RONIN and its use at the University of Sydney, and Paul Avillach and Madhu Bussa will show the AWS Service Workbench and its use at Harvard Medical School. The event will take place on February 24 from 3:30 - 5:00 pm Eastern. To register for the live event and receive notification of the availability of the recording, see https://bit.ly/2YhmZeC.
The February session of the Cornell Cloud Forum will feature Dr. Julia Lane, Professor at the NYU Wagner Graduate School of Public Service, whose team was asked by the OMB and the Census Bureau to build a secure environment to inform the decision-making of the Commission on Evidence-Based Policy. The result was The Administrative Data Research Facility, a repository of over 100 confidential data sets, built on AWS. The event opens with a presentation on using Terratest to manage IaC by the cloud team at the University of Colorado.
The Cloud Forum takes place this Friday, February 12 at 12pm ET. Details available at http://blogs.cornell.edu/cloudforum/home/agenda/
Key Product or Feature Updates
Amidst the sea of announcements and updates from AWS Re:Invent this year (I personally hope the new virtual format is here to stay!) there were a few that stick out to me (Oren) as worthy of special mention (for more on Re:Invent 2020, see Kevin Murakoshi’s recap session linked above).
The introduction of container image support for AWS Lambda feels like a fairly fundamental shift in the way Lambda services are deployed and managed. If you’re using Lambda at all, or looking into building serverless apps (and why wouldn’t you be doing that?), you should watch Chris Munn’s talk on YouTube: https://youtu.be/X-1xf-DbCBk
At last! A browser-based Cloud Shell comes to AWS! https://docs.aws.amazon.com/cloudshell/latest/userguide/welcome.html
Understanding ML bias and why ML models make the predictions they do is increasingly important. Sagemaker Clarify is a new service that helps do just that. Here’s a Re:Invent talk on it. https://youtu.be/kJdOxZwiyJo
And if you’ve got departments looking for ways to teach practical applications of ML, the new Sagemaker Jumpstart offers prebuilt models as starting points for exploration of using ML in common scenarios. The initial batch of models includes financial fraud detection, demand forecasting, purchase modeling, handwriting recognition, and others. Could be very useful in business schools, econ departments, and beyond. Here’s a blog post about it: https://aws.amazon.com/blogs/aws/amazon-sagemaker-jumpstart-simplifies-access-to-prebuilt-models-and-machine-learning-models/
Updates from Internet2
Welcome Bob Flynn
We are pleased to welcome Bob Flynn to the Internet2 team as program manager for Cloud Infrastructure & Platform Services. Bob joins us after 20+ years at Indiana University where in recent years he managed cloud technologies. He has served on the NET+ AWS SAB for several years and chaired the NET+ GCP SAB. Bob is an active leader in the higher ed cloud conversation as an organizer of the Cornell Cloud Forum and serving as co-chair of the Cloud Computing Community Group from 2017-2020. You can reach Bob at email@example.com.
Check out the Latest NET+ Update
Our latest community update includes service news, a recap of virtual events and opportunities to help us plan for 2021. Of particular interest to our NET+ AWS community might be the CloudCheckr Premium service validation. Check it out! Get involved.
Cloud Retention and Storage Working Group: Seeking Additional Participants
Cost-effective storage of video assets has become a hot-button issue as work and teaching were forced to go virtual during the pandemic. This CSTAAC working group is working with NET+ members and service providers to identify and document best practices (in both policy and technical realms) for video storage and to recommend opportunities for concerted community action. If you are interested in participating, please contact Oren Sreebny (firstname.lastname@example.org).
Updates from DLT
DLT & AWS continue to help education institutions of all sizes soar higher and further in the cloud. Cloud computing has been touted as a disruptive technology for years. Nothing has tested those claims more than the COVID-19 Pandemic. Cloud adoption at this scale, which normally would have taken years, has been accelerated to months. Even with a surge of schools opting for in-person learning starting in February, many are still continuing to conduct instruction and operations online. Schools are embracing the vast delivery of courses and operational benefits cloud provides. Each month DLT and AWS will be focusing on a specific education-focused cloud solution. DLT along with our strategic partners have aligned to help support schools by region and solution offering. Starting in February, here’s a preview of what to expect…
Back-Up & Recover Data Simply and Securely with Storage Solutions from AWS and DLT
Universities have complex data storage and retrieval needs ranging from admissions, distance learning, research, and general operations to human resources. Accidental file deletion, ransomware attacks, or unforeseen events can be both costly and distressing resulting in downtime and lost revenue.
Cloud-based backup and disaster recovery solutions are becoming increasingly popular among educational institutions. Education entities of all sizes are getting away from traditional on-premises backup and recovery solutions due to the large upfront investment in infrastructure and ongoing, specialized maintenance. More schools are now leveraging the flexibility and scalability of the cloud for more efficient, durable, and secure backup storage.
Migrate Windows workloads to AWS
If I asked you which cloud provider had the most experience running Microsoft applications, would you know the answer? You might be surprised. Customers have been running Microsoft Workloads on AWS since 2008 – two years before Microsoft Azure became commercially available.
With Microsoft applications making up 60% or more of most on-premises data centers, more and more schools are moving their Microsoft workloads to AWS to improve performance, increase availability, and improve their security posture. AWS offers the ideal infrastructure for Windows. Migrate to AWS with DLT to secure your Windows workloads.
LabArchives releases Jupyter Notebooks integration
NET+ LabArchives reached 20 subscribers earlier this year. The Electronic Lab Notebook (ELN) is being used successfully enterprise-wide by tens of thousands of faculty and researchers in the Internet2 community. In the coming months, the NET+ LabArchives Service Advisory Board members will evaluate for inclusion in the NET+ program two other LabArchives products: LabArchives Scheduler, which has ~70,000 users worldwide, and LabArchives Inventory. Recently, LabArchives integrated with Jupyter Notebooks. The new integration with Jupyter Notebooks empowers users to capture data science, scientific computing, and machine learning workflows within LabArchives ELN for Research.
NET+ GCP offers the easiest path to use of the NIH STRIDES program
The National Institutes of Health STRIDES program offers deep discounts on cloud usage for NIH-funded research work. Enrolling an institution to take advantage of STRIDES with NET+ GCP only requires filling out an additional order form with your chosen NET+ GCP reseller. For more information on using NET+ GCP with STRIDES check out our blog post or email email@example.com.
NET+ AWS campuses implement AWS Organizations and Control Tower
AWS Organizations and Control Tower are AWS features that help institutions to manage and govern their multi-account AWS environments. The NET+ AWS Organizations and Control Tower working groups have helped map out strategies for campuses to successfully implement Control Tower in their AWS environments, and Internet2 published a post by Peter Traub outlining the implementation of Control Tower at the University of Virginia. If you are interested in participating in these working groups, please email firstname.lastname@example.org
Here are some recent items that community members have shared for using AWS in their higher ed environments:
Shelley Rossell from the University of Chicago shares this useful document on Managing Guard Duty accounts with AWS Organizations. You can use this to name a GuardDuty master account for the organization, and other accounts in the organization can be viewed and added as GuardDuty member accounts.
Shelley also shares a document from Amazon on how to use AWS SSO for easy authentication to the AWS CLI, which means that individual CLI users don't have to separately manage keys for access.
Aaron Hunnewell from the University of Virginia notes that he found this recent post on How to Manage AWS SSO Account Assignments in CloudFormation to be useful.
And Nathan Dors from the University of Washington has pointed us to this very useful example of how the UW is allowing AWS users to link Grouper groups to AWS roles.
Thanks to all who led the training, and special thanks to Danyell Wilt and the entire AWS team for providing great content and support for answering all the questions.
The video of the session is available at:
Here are Danyell's slides:
And here are Sara Jeanes' slides:
The Q&A from the session is here:
Peter Traub, Sr Cloud Infrastructure Engineer at University of Virginia, has put together a great guide to adopting AWS Control Tower. His guide is now hosted on the NET+ AWS service page - AWS Control Tower Adoption Strategies.
Since last Spring, subscribers to NET+ AWS have had access to AWS Organizations, which provides a management framework for AWS accounts, and permits administrators to apply service control policies to various Organizational Units (OUs) within their Organization.
Late last Summer, AWS announced Control Tower, a feature-native way to deploy accounts and enforce Guardrails in an AWS-patterned way. This functionality was limited to deployment in a completely separate Organization, but in coordinating with a small team of schools, DLT and Internet2 devised a way to deploy Control Tower. These canary schools reported back that while Control Tower can be run, most should hold off until Control Tower could be run natively in existing AWS Organizations. Today is that day.
Last night, AWS announced that Control Tower can now be run in existing AWS Organizations! While the participating schools are testing the functionality, it does appear Control Tower can be deployed within the OU of an existing Organization. The AWS team posted a blog post with additional details here: https://aws.amazon.com/blogs/field-notes/enroll-existing-aws-accounts-into-aws-control-tower/. If you are a NET+ AWS school that has deployed an AWS Organization, you should be able to test out the functionality today. We would highly encourage you to attend the bi-weekly AWS Orgs and Control Tower call to trade notes with your colleagues and share the pitfalls. We have also on more than one occasion found a bug that collided with common higher ed deployment patterns that needed to be reported back to AWS Engineering.
If you would like to attend the call, or request an AWS Organization for your university, please reach out!
NET+ AWS Service Advisory Board (SAB) Membership
- Gerard Shockley, Boston University, Chair
- Cornelia Bailey, University of Chicago
- James Bennett, Indiana University
- Asbed Bedrossian, Member Emeritus
- Damian Doyle, University of Maryland Baltimore County
- Jeff Gumpf, Case Western Reserve University
- Jim Jokl, University of Virginia
- Scott Kirner, University of Notre Dame
- David Lacey, J. Paul Getty Trust
- Chris Manly, Cornell University
- Rick Rhoades, Penn State University
To Contact the Service Advisory Board
NET+ AWS Advisory Board Goals
- Internet2 NET+ Service Management email@example.com
- DLT Customer Team firstname.lastname@example.org
- DLT Ops Team
- Internet2 Program Manager: Bob Flynn email@example.com
Send Feedback or Submit a Feature Request:
The NET+ AWS program is managed by an Internet2 program manager with the support of the NET+ AWS Service Advisory Board.
The NET+ AWS Service Advisory Board reviews and prioritizes community feature requests on a periodic basis. Feature requests may be submitted to firstname.lastname@example.org.