Using AWS at U-M

Establishing Service

U-M has an enterprise agreement with AWS that provides reduces rates and a waiver of normal data retrieval (or “egress”) charges. To participate in the enterprise agreement, U-M users must sign for accounts via the U-M MCloud service

Using AWS

AWS has extensive documentation covering all aspects of deploy and using their services.Below is a set of quick tips for getting started using various AWS resources. These are just general items to keep in mind. U-M also has documentation on how to get started.

 

Identity and Asset Management

Create an “administrator” group that has full access to all resources and management of account.

Create a “user” group that has access to resources you define. Add policy templates as per your need. Be sure to include Access to IAM so users can change their own password and setup other IAM service tools.

Create account for administrative purposes and assign to the “administrator” group. Use this account for most all your management activities. There is a special sign-in url assigned to your project “id#”.???.aws.amazon.com that your users defined below will use to login.

Now create user accounts that are assigned to the “user” group.

Each user then should login via that username and create their own resources. They should also create their own secret ID and Key pair under IAM. This allows them remote access to various resources via command line applications and APIs.

Data Storage Management

Since each EC2 instance has its own EBS volume, users should create a dedicated EBS volume to hold their data and applications. This volume can then be attached to any one instance for portability. This will be especially helpful when getting spot instances.

Cost and time savings tips

Create a small instance to configure the OS and associated applications, libraries or other tools to do your work. Save this as a snapshot and then an Amazon Machine Image (AMI) in your own library. Use this AMI when deploying compute instances so you do not have to spend time reconfiguring.

Learn about deploying, using and managing Spot instances. These have the potential to be ⅕ the cost of on demand instances.

You are charged for a node running regardless of whether your job is finished. If you are not going to actively monitor your jobs for completion we suggest running jobs via a script that includes an email statement to you that your job is finished and then also perhaps poweroff the node. This is one reason to have a data EBS volume to write data on instead of the instance volume. When spot instances are stopped, they are destroyed, including data on that volume.

Consider adding billing monitor alerts so that if total usage exceeds a certain dollar amount, you will be alerted via email.

Security tips

Since EC2 is not a U-M IT managed service you are on your own for maintaining security of your instances. Please follow these minimum suggested tips to keep your Instance safe.

AWS makes use of ssh security keys for remote ssh login. Be sure to keep these safe.

To protect your instances from possible attack we suggest creating a “Security Group” with appropriate firewall rules for specific IP addresses and networks.

For U-M wired networks, add the following:

  • 141.211.0.0/16
  • 141.212.0.0/16
  • 141.213.0.0/16

For wireless:

  • 35.1.0.0/16
  • 35.2.0.0/16

For off-campus U-M locations, contact your local IT group for your particular network.

If you intend to work from your home you should add that IP address as well. A sample would look like below for a home router IP address 100.101.102.103

  • 100.101.102.103/32

Be advised that this address may not stay fixed, depending on your service provider policies. If you suddenly lose ability to remotely connect your IP address has likely changed.

Order Service

To take advantage of U-M’s enterprise agreement with AWS, which provides additional features including the waiving of data retrieval or “egress” fees, see these directions.

For more information:

Email hpc-support@umich.edu

Related Events

September 29 @ 1:00 pm - 4:00 pm

Introduction to the Linux Command Line

This course will familiarize the student with the basics of accessing and interacting with Linux computers using the GNU/Linux operating system’s Bash shell, also generically referred to as “the command…

September 29 @ 1:00 pm - 4:00 pm

Introduction to Research Computing on the Great Lakes Cluster

OVERVIEW This workshop will introduce you to high performance computing on the Great Lakes cluster.  After a brief overview of the components of the cluster and the resources available there, the main…

September 29 @ 2:00 pm - 4:30 pm

Intro to SQL

Ever want to know how to communicate with a database? You need to know SQL, a standard programming language for working with relational database management systems in data warehouses or…

September 30 @ 10:00 am - 12:00 pm

SPSS: Data Management

Each section will go over one chapter from the materials at https://cscar.github.io/workshop-spss/ Section 1: Basics of SPSS (9/16, 10am – 12pm) Section 2: Variables (9/23, 10am – 12pm) Section 3:…