Amazon Web Services, Requesting an Account
How to request an Amazon Web Services account
To sign up for an Amazon Web Services (AWS) account, click the "Request an AWS Account" link at aws.illinois.edu. The form requires some information before an account can be provisioned:
- Account Owner Email: Who owns the account?
- IT Support Email: Who can create Active Directory accounts on behalf of the account owner?
- Business Contact Email: Who manages the CFOP that will pay for the account?
We recommend using distribution lists for these contact addresses so they're not tied to a single individual. You may also list multiple email addresses for any of the contacts separated by spaces.
We also require a University of Illinois CFOP which can pay for your usage.
In 2022, we will be introducing a new Amazon Web Services (AWS) account request page. To sign up for an Amazon Web Services (AWS) account, click the "Request an AWS Account" link at aws.illinois.edu
. (A new link to the TDX Form to request an AWS Account will be provided when available.
) If you have questions about completing this form, please contact email@example.com
You should review the information provided here about the account before completing the request. You should collect the following information:
- Your department's IT contact email address. IT support will manage Active Directory groups on your behalf. To find your department IT support contacts, see your department’s main web page or see IT Links.
- Your department's Business office contact email address. To find your Business office, see your department's web page.
- Your Business office contact will generate a University CFOP billing account number and optional Activity Code that will be used to pay for AWS charges.
- Your data classification for any data used in the AWS account. For more information, see Data Classification.
Multiple users may access the AWS account using roles. There are four predefined default roles. Additional roles may be added after the account is created. The default roles are:
- Admins : for account administrator users (default for account requestors)
- Businessoffice : for Business office users used to monitor account expenses
- Powerusers : for developer users
- Readonly : for users to access the account for review purposes
Here's a list of all the fields and descriptions of the information required for each. those fields marked with a red asterisk (*
) are required.
- * Account owner contact email(s). You can provide group or shared mailboxes. Multiple emails may be entered separated by spaces.
- * Account owner Manger's email or Project Manager's email. Multiple emails may be entered separated by spaces.
- * IT Support emails. IT support will manage Active Directory groups on your behalf. To find your department's IT support contacts, see your department’s main web page or see IT Links.
- * Billing contact/business office email(s). Billing contact will provide a CFOP number for billing purposes. To find your department's business office contacts, see your department’s main web page.
- * A CFOP is an account used to pay for AWS usage. A CFOP is a 19-digit number provided by your department’s billing/business office. For more information about CFOPs, see CFOAPAL Quick Guide. The format of the CFOP is 1-22222-333333-444444.
- University Activity Code (Optional). The use of an Activity Code varies between Business Offices. The Activity Code may be an alpha-numeric code. The activity code comes at the end of a CFOP: 1-222222-333333-444444-activity.
- * What group or project will this account support? You can list your department and/or research group name working on this project.
- If this is a student account, then the student's department IT would support it.
- If this is a research account, then the researcher or a graduate student is supporting it.
- If this is a production service, then there will be a department team supporting it.
- * What data classification do you have for your project? For more information, see Data Classification. Regular auditing will occur on accounts to discover if sensitive data is stored in the account. If sensitive data is found in the account, the account will require additional safeguards applied to the account, and/or the possible shutdown of the account. Here is a brief description of the data classification categories.
- Government restricted: Controlled Unclassified Information (CUI) and other National Security Information (NSI) data classifications.
- High Risk: Highly sensitive data includes, but is not limited to, information such as credit card data, social security numbers, driver’s license numbers, and medical records.
- Sensitive: Sensitive data includes, but is not limited to, information such as student (FERPA) protected data and information covered by Non-Disclosure Agreements.
- Internal: Internal Data includes, but is not limited to, information such as research data prior to publication.
- Public: Information that is classified as public information can be freely shared with the public and posted on publicly viewable web pages.
- * Funding source: Are you, or your funding source, in the Grainger College of Engineering? Yes/No
- * Will you need a Public S3 bucket for webpage content? Yes/No
- * Default monthly budget amount? The Cloud Operations team will create a default monthly budget with email messages being sent once the budget reaches 80%. If desired, you can later edit the parameters for your budget in AWS Budgets.
- Additional email addresses for budget alerts. (Optional) Multiple emails may be entered separated by spaces.
- Estimated total AWS budget. (Optional)
- Estimated project end date. (Optional)
- * Is this a grant funded project? Yes/No
- * Is this account used for a course? Yes/No
- * Which AWS Regions do you expect to use? Do you expect to work in US-only Regions, or in other regions combined with US Regions located in South America, Europe-Middle East-Africa, or Asia Pacific? AWS offers services in multiple regions and edge locations. For more information, see AWS Regions. The choices are US-only regions or All regions.
- Do you have any specific requirements or other information about the account? (Optional) You can provide additional notes.
Before submitting the ticket for the account, please review the list of responsibilities to understand who is responsible for activities in the cloud.
AWS is responsible for the following:
- Helping customers with design and implementation.
- Ensuring AWS service availability.
- Communicating and documenting service issues.
- Communicating and documenting service offerings.
- Providing support for escalated issues.
Technology Services at Illinois is responsible for the following:
You are responsible for the following:
- Creating/deleting subscriptions.
- Re-billing for subscription charges.
- Helping customers with design and implementation.
- Escalating issues to AWS.
- Communicating about large issues or changes to AWS that could impact customers.
- Paying for the usage consumed within your AWS account.
- Monitoring usage for appropriate as well as unauthorized access, and to prevent unexpected costs from being incurred.
- Provisioning and de-provisioning resources within your AWS account.
- Securing access to their AWS account per university requirements, policies, and standards, and as appropriate to the system risk level. Risk level can be determined using the
Risk Level questionnaire. Risk level takes into account both business process criticality and data classification.
- Securing the resources within their AWS account per university requirements, policies, and standards, and as appropriate to the system risk level.
- Ensuring that data is stored, processed, transmitted, and accessed per university requirements, policies, and standards, and as appropriate to the system risk level.
- Use the AWS account exclusively for University business in accordance with University policies pursuant to the State of Illinois Code of Personal Conduct.
- Ensuring the latest security updates are applied to virtual machines and other resources through a regular maintenance schedule.
- Designing the objects in your AWS account to meet applicable regulatory requirements.
- Staying up to date on changes made by AWS to AWS products.