By default, AWS instances cannot connect to private campus networks. AWS VPN provides a secure connection from instances to U-M campus private networks. The VPN consists of two tunnels that fail over automatically, so access to your AWS VPC is not interrupted. ITS provides an option to increase redundancy by using two pairs of VPN nodes across sites. Should one site go offline, the other site will accept traffic. Customers providing a customer-facing application or needing production availability should use two tunnels.
Amazon Web Services
This page is for AWS account owners whose AWS accounts currently do not have access for ITS.
Why this is needed
ITS is consolidating AWS accounts so they can be managed consistently under a new UM AWS Organization.
As part of that move, UM also needs a standard “access role” in each UM AWS account so our central team can complete onboarding tasks and manage required account integrations.
Overview
Creating IAM users within AWS is a common way to provide access to an AWS environment and leverages native AWS authentication mechanisms. However, this approach has many shortfalls that can compromise the security of your Amazon Web Services at U-M account. Additional critical issues include:
Sign Into AWS
MCommunity procedure
Create/Identify an MCommunity group for access to your AWS account.
Note:
Select the Owners must add members setting.
The name cannot contain spaces. Use - or . instead.
Populate group with appropriate members.
Tip: Consider having separate groups by role.
