Versions Compared

Old Version 8

changes.mady.by.user Evan Parker

Saved on

compared with

New Version Current

changes.mady.by.user Ashley Griffin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

AWS Console Login:

...

...

  • jcsda-noaa

...

AWS Spend Overview (update every month on the 10th for the previous month using the numbers from the AWS Cost Explorer): https://docs.google.com/spreadsheets/d/19f3kLF-IJg7IrmPdA6c3L3nSwWY1WqVQI79Ihp-6Lco/edit#gid=1457851180

Old Other AWS confluence pageWiki Pages:


Table of Contents

Table of Contents

...

  1. Request a new IAM User account from one of JCSDA’s AWS admins (a member of the JEDI infra team). If you are on JCSDA slack you can ask in jedi-infra-support otherwise you can email evanp@ucar.edu.
    1. You will be provided with a username, a one-time password, and a login-link.
  2. Visit the login link and log in. You will be prompted to change your password.
  3. You are now presented with the console home page.
    1. Set your default region to “Ohio us-east-2” unless instructed otherwise.
  4. Use the search bar to find the “IAM” console, this can be bookmarked by clicking the star.
  5. From the IAM page navigate to “My security credentials” which should be available under the “Quick Links” panel. You will see the following options:

  6. From the “My security credentials” page, use the “AWS IAM Credentials” tab click “Assign MFA Device” and configure at least one 2-factor authentication method such as Duo on your phone, or a physical security key if you have one.
  7. From the “My security credentials” page, use the “AWS CodeCommit credentials” tab to upload your Public SSH key.
    1. If you already have a ssh key you should find the public key at ~/.ssh/id_rsa.pub.
    2. If you have a ssh private key at  ~/.ssh/id_rsa but you don’t have a public key, you can use the keygen program to generate a public key This case can come up when users have already generated a private key from the AWS EC2 key service.
          ssh-keygen -f ~/.ssh/id_rsa -y > ~/.ssh/id_rsa.pub
    3. If you do not have a ssh key you can generate one at the shell using the command ssh-keygen. When asked for a password just press enter twice to generate a passwordless key (access to your computer will gate access to your ssh key). When the keygen is complete the program will output your key to the file ~/.ssh/id_rsa.pub.

...

  1. Install the AWS CLI if necessary (HPC platforms include the CLI in spack-stack).
    1. Mac: from your shell run brew install awscli  or use one of the other recommended install methods 
  2. Go to your “My security credentials” page in the AWS console (see step 4 and 5 in Account setup).
    1. Click “Create access key” in the Access Keys panel.
    2. Select the “Command Line Interface (CLI)” use case.
    3. Check the box to acknowledge and disregard the other recommended options and click “Next”
    4. Give a short description like “Key for CLI use” and click “Create”
    5. Save the key ID and the key secret value in a secure location, you will need both in the next step.
  3. On the command line configure credentials for for your account using one of the commands listed below. The profile name is important since some of our tools (especially skylab) are sensitive to this profile name when authenticating resources. Use your key ID and secret gathered in step two. Configure the region to be the same as used above. Set your output format to “json”.
    1. To configure jcsda-usaf
    4. :
      1. aws configure
    5. –profile
      1. --profile=jcsda-usaf-aws-us-east-2 
      2. Access Key ID and secret: see step #2 above
      3. Region: us-east-2 
    2. To configure jcsda-noaa
    6. :
      1. aws configure
    7. –profile
      1. --profile=jcsda-noaa-aws-us-east-1
      2. Access Key ID and secret: see step #2 above
      3. Region: us-east-1

Pages

      1.  

Glossary

  • AWS: Amazon Web Services, a cloud computing platform provided by Amazon. It provides a wide range of cloud computing services including virtual servers, data storage, databases, and applications.
  • AWS Account: A standalone grouping of resources in AWS that organizes service resources, authentication and authorization policies, billing details, monitoring, and more. While AWS Accounts have a “root user” they can also allocate many additional user accounts, service accounts, and can use federated authentication.
  • IAM: The AWS service “Identity and Access Management”. This service is tied to all AWS account resources for a specific account and it used to specify resource permissions and user identities. The “Identity” component allows the creation of user accounts, service roles, and federated login. The “access management” component allows the creation of policies that gate access to services and/or specific service resources (such as read or write on a specific S3 bucket).  Within some narrowly defined limits, IAM policies can be used to allow cross-account access.
  • IAM Policy: A resource that defines permissions within AWS. Each policy specifies actions that are allowed on specific IAM resources. Policies are attached to IAM users and/or roles.
  • IAM User: A login-account for human users of AWS accounts. Each IAM user is associated with a specific AWS account.AWS ParallelCluster