AWS - Access for non-UW collaborators

Recommended:   Affiliate NetID Access

By default all UW AWS accounts will be accessed using NetID authentication.   This extends the security provided by NetID authentication & Multi-factor Authentication to UW AWS accounts. (AWS - Sign In to the AWS Management Console )

AWS authorization groups are managed using the campus Manifest service.   

• The recommended way to provide access to non-UW collaborators is to invite them to create a NetID:    Manifest - Using a Manifest Group to Invite People to Create Identities (NetIDs) 
• For longer term relationships you can request an NetID for an affiliate population - see  Getting NetIDs for Affiliate Populations  for information on eligibility and considerations.

Your collaborator can then be added to an existing Manifest group, or you can create a custom Role & Manifest group:

• AWS - Granting Users Access to the AWS Management Console using NetID Authentication 

Affiliate NetID Access quick reference

While individual schools, colleges, and departments have their own HR policies and processes, some cloud account holders have successfully used the process below to create NetIDs for external consultants who needed access to UW-Madison cloud accounts:

1. [Local HR] Adding or Maintaining a Person of Interest (POI) in HRS: https://kb.uwss.wisconsin.edu/15636
2. [Consultant] - NetID - Activating Your Account: https://kb.wisc.edu/iam/1140
3. [AWS account owner] AWS - Granting Users Access to the AWS Management Console using NetID Authentication: https://kb.wisc.edu/public-cloud/65493
4. [Consultant] AWS - Sign-In to the AWS Management Console: https://kb.wisc.edu/public-cloud/65490

AWS IAM User Access

** If you are creating an AWS IAM user for CLI access please consider using AWS Cloud Shell as an alternative. **

NetID login is handled using an identity provider and does not create a native IAM user account within Amazon.   IAM users are most frequently used as service accounts to run processes.   If it is necessary to create an IAM user, please review Security best practices in IAM, in particular using the principle of least privilege. 

***Note!  If your AWS account is provisioned since July 2022, you will need to work with the Public Cloud Team to create/manage IAM/service account users.

This account should be secured with Multi-Factor Authentication (MFA) to comply with UW System authentication standards.

See  AWS - Sign In to the AWS Management Console for information on how to log in with an IAM user

See Also:

• AWS - Sign In to the AWS Management Console
• Manifest - Using a Manifest Group to Invite People to Create Identities (NetIDs)
• Getting NetIDs for Affiliate Populations
• AWS - Granting Users Access to the AWS Management Console using NetID Authentication
• Why Should I Use a UW Madison Public Cloud Account?

If you have any questions, feedback or ideas please Contact Us

Commonly Referenced Docs:

UW Madison Public Cloud Team Events
Online Learning Classes for Cloud Vendors
What Data Elements are allowed in the Public Cloud