Office of Information Technology


AWS Best Practices

"Migrating applications to AWS, even without significant changes (an approach known as “lift and shift”), provides organizations the benefits of a secured and cost-efficient infrastructure. However, to make the most of the elasticity and agility possible with cloud computing, engineers will have to evolve their architectures to take advantage of the AWS capabilities."

The Cloud Computing Difference
IT Assets Become Programmable Resources
Global, Available, and Unlimited Capacity
Higher Level Managed Services
Security Built In

Design Principles

Disposable Resources Instead of Fixed Servers
Loose Coupling
Services, Not Servers
Removing Single Points of Failure
Optimize for Cost
To learn more about AWS capabilities and the AWS Best Practices, check out these AWS sites:

UA AWS Sandbox

Welcome to the UA AWS Sandbox. This is a free service provided to you by OIT for learning and experimenting. Resources available are EC2 (Compute), S3 (Storage), RDS (Database), and VPC (Networking). As this project progresses and evolves, more services will be made available. Our goal is to make this a collaborative environment, where users are able to discuss and contribute to the current state of the sandbox in addition to providing a safe environment for our users to be innovative. A project website, currently under development expected to be published in the near future, will provide much more detail and roadmap information for UA AWS as a whole.


To begin using the UA AWS Sandbox, click the following URL:

Enter your UA username and password. While all services will be presented to you in the Amazon Management Console, you will only be able to access the previously mentioned services. Again, this is just the initial rollout of the sandbox, and as the reaper script is expanded, more services will become available to use.

For users wanting access to the UA AWS Sandbox, submit a Cherwell Ticket requesting access to the UA AWS Sandbox. The OIT Service Desk will be able to provision access.


  • Be courteous and respectful to peers in the sandbox
  • Do not spin up excessive resources (example:  100 compute nodes)
  • To keep cost low, the reaper service has been deployed to terminate/delete created objects every day at 4:00 am; therefore, please do not deploy services that require a persistent state, and assume zero data retention in the sandbox
  • By default, resources are limited in quantity; use only what you need to allow as many users as possible the opportunity to explore AWS services
  • Make a practice of terminating and deleting objects when no longer in use
  • Logins are done through a federated authentication service; sessions are limited to 1 hour intervals regardless of activity


Reaper Script This script is run as a lambda function to wipe all resources at 4am every day. To make services available in the sandbox, we need to be able to properly clean them up during the 4am cleanup window. We will be continuing to add support for all existing AWS services and new services as they come out. If there is a particular service that is important to you, feel free to submit a pull request adding support if you are able to get to it before we do.

API Key Provisioning for SAML Authentication This script is used to generate API keys on your local workstation using SAML credentials. These API keys can be used to interface with AWS services via the AWS SDK, Terraform, or other automation tools. The credentials timeout after an hour, as they have the same expiration as the SAML web login. Again, feel free to raise any issues or submit pull requests if you have suggestions for this script.

Learning and Community Resources

AWS Webinar Series

Slack channel at UA for Amazon discussions

Getting Started with AWS

Getting Started with Amazon EC2 Linux Instances

Getting Started with Amazon EC2 Windows Instances

Best Practices for Amazon EC2

We here at OIT are excited about introducing this new service to UA and look forward to future innovations and collaboration. Feel free to send us feedback, or ask questions to make this service even better!

Back to Top