Amazon Web Services (AWS)

This page is authoritative for the architecture and management of HSPC's AWS account. Please keep this page updated, and do not post sensitive credentials! Please read this page in its entirety and seek clarification on any issues prior to changing things in AWS. We're in this together.

TODO Preston Lee Finish brain dump of AWS stuff here.

Overview

AWS Web Console: https://hspc.signin.aws.amazon.com

HSPC technical work stream leaders have consolidated a number of initiatives under a single HSPC account. General policies have evolved based on necessity. To use the HSPC AWS account:

  • Your project(s) must have an assigned VPC with an associated budgetary structure, approved by the COO and set up by an administrative user. This is for monthly reporting purposes and to ensure that HSPC is able to accurately forecast budget needs.
  • You must have an IAM identity (aka username/password credentials) and be added to the appropriate security group(s) for the services and partitions you need. If you need API access or other services not typically used, please specify your needs when your account is being created. It's not a big deal to get you reasonable access, but the default permissions are conservative.

Administrative Access

The HSPC COO retains the login credentials for the "root" AWS account. Individual user accounts are granted and managed through AWS IAM users, groups, and policies. Most tasks can be accomplished by an IAM user with administrative rights, but select functions (such as CloudFront keys and billing changes) may require the "root" account. Potential points of contact for routine AWS matters requiring administrative access:

Billing & Reporting

Most HSPC AWS usage is billed by Amazon to HSPC on a single monthly invoice and paid automatically by credit card. Automated reporting, forecasting, and notifications are set up within the native AWS console to ease the accounting burden as much as possible. Every budgeted initiative is declared according to its approved monthly amount, and notifications are sent when forecasted or actual expenses exceed a configured threshold of the budget.
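The per-initiative budget with a forecast-threshold notification described above, expressed as a CloudFormation AWS::Budgets::Budget resource. This is an added illustration, not HSPC's actual configuration; the budget name, the 500 USD amount, the 80% threshold, the Project cost-allocation tag and the e-mail address are assumed placeholders.

```yaml
# Added example: one monthly COST budget scoped to a single initiative by
# cost-allocation tag, alerting when the month-end forecast passes 80% of
# the approved amount. Tag key, values and recipient are placeholders.
AWSTemplateFormatVersion: "2010-09-09"
Description: Example monthly budget with forecasted-spend alert (illustrative)

Resources:
  ExampleInitiativeBudget:
    Type: AWS::Budgets::Budget
    Properties:
      Budget:
        BudgetName: example-initiative-monthly        # placeholder name
        BudgetType: COST
        TimeUnit: MONTHLY
        BudgetLimit:
          Amount: 500                                 # placeholder approved amount
          Unit: USD
        CostFilters:
          # Only spend carrying the cost-allocation tag Project=example-initiative
          # counts toward this budget; the tag must be activated for billing.
          TagKeyValue:
            - "user:Project$example-initiative"       # placeholder tag key/value
      NotificationsWithSubscribers:
        # Fires when AWS forecasts month-end spend above 80% of the limit.
        - Notification:
            NotificationType: FORECASTED
            ComparisonOperator: GREATER_THAN
            Threshold: 80
            ThresholdType: PERCENTAGE
          Subscribers:
            - SubscriptionType: EMAIL
              Address: budget-alerts@example.org      # placeholder recipient
        # Second alert on actual spend, so an overrun is still reported even if
        # the forecast lagged behind a sudden increase in usage.
        - Notification:
            NotificationType: ACTUAL
            ComparisonOperator: GREATER_THAN
            Threshold: 100
            ThresholdType: PERCENTAGE
          Subscribers:
            - SubscriptionType: EMAIL
              Address: budget-alerts@example.org      # placeholder recipient
```

Because IAM users with only conservative default permissions cannot create or modify budgets, a template like this is deployed by an administrative user, which keeps budget definitions in version control rather than in console click-paths.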

Technology Architecture

Regions & Pricing

AWS does not operate out of a single physical data center. It is an interconnected worldwide network of data centers called "regions", each with distinct pricing tables. Each region is further subdivided into "availability zones" that must be accounted for in High Availability (HA) applications. Not all services are available in all regions, and some regions are inherently more expensive than others. The US East (Virginia) region is the preferred location for new service deployments, both for cost reasons and for reduced latency to national resources.

Virtual Private Cloud (VPC) Strategy

TODO Preston Lee

Object Tagging

TODO Preston Lee

Common Deployment Patterns

TODO Preston Lee

HSP Marketplace-Driven Service Deployments