Public Cloud


UFIT has an AWS organization that uses a central SSO configuration. When a new AWS account is created, it is placed in our organization and is automatically associated with UF's AWS SSO configuration. UF's AWS SSO uses Shibboleth and Gatorlink IDs for access control. Different roles are created per account to give users the appropriate access to perform required tasks.

GUI

  1. Navigate to UF's AWS SSO Login Page: https://d-9067071075.awsapps.com/start
  2. Authenticate using your Gatorlink credentials.
  3. Select the account you want to manage.
  4. With the account expanded, click the "Management Console" link for the role you want to use to access the account.
    • There may be more than one role available to you depending on the access patterns required for your service.

CLI

  1. Install the AWS CLI v2 (not version 1) on your machine: https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html
  2. Install the AWS Session Manager plugin on your machine: https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html
  3. Create a new file in your profile for the AWS configuration, using the AWS Config Profile information from the AWS Account Information section.
  4. Open a terminal on your machine and type the following command:
    • aws sso login --profile "[account access role]"
  5. In the web browser that opens, authenticate with Shibboleth using your Gatorlink credentials.
  6. Authorize the AWS request by clicking on the Allow button.
  7. If the request shows as approved you can close the browser window and go back to your terminal.
  8. Your terminal should display the following message:
    • Successfully logged into Start URL: https://d-9067071075.awsapps.com/start
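
A preflight for the CLI steps above, as an added example that is not UFIT's own tooling: it checks for AWS CLI v2 and the Session Manager plugin, confirms the profile points at the start URL given on this page before any credentials are entered, then logs in and prints the resulting identity. The function names, the profile name, and the assumption that sso_start_url sits directly in the [profile ...] section of ~/.aws/config are illustrative.

```bash
# Added example; function names are hypothetical, not UFIT tooling.
# Assumed profile layout (constructed; take the real values from the
# AWS Account Information section):
#   [profile uf-example-role]
#   sso_start_url  = https://d-9067071075.awsapps.com/start
#   sso_region     = <region>
#   sso_account_id = <12-digit account id>
#   sso_role_name  = <role>
UF_START_URL="https://d-9067071075.awsapps.com/start"   # start URL from this page

# Step 1: AWS CLI v2 is required. Argument: the output of `aws --version`.
is_cli_v2() {
  case "$1" in
    aws-cli/2.*) return 0 ;;
    *)           return 1 ;;
  esac
}

# Step 3: print the value of KEY inside [profile NAME] of an AWS config file.
profile_value() {  # usage: profile_value FILE NAME KEY
  awk -v sect="[profile $2]" -v key="$3" '
    /^\[/ { in_sect = ($0 == sect); next }
    in_sect {
      split($0, kv, "=")
      k = kv[1]; gsub(/^[ \t]+|[ \t]+$/, "", k)
      if (k == key) {
        v = substr($0, index($0, "=") + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", v)
        print v; exit
      }
    }' "$1"
}

# Succeeds only when the profile sends the login to UF's SSO start URL.
profile_uses_uf_sso() {  # usage: profile_uses_uf_sso FILE NAME
  [ "$(profile_value "$1" "$2" sso_start_url)" = "$UF_START_URL" ]
}

# Steps 1-8 in order; stops before the browser opens if any check fails.
preflight_and_login() {  # usage: preflight_and_login PROFILE [CONFIG_FILE]
  pf_cfg="${2:-${AWS_CONFIG_FILE:-$HOME/.aws/config}}"
  is_cli_v2 "$(aws --version 2>&1)" || { echo "AWS CLI v2 is required" >&2; return 1; }
  command -v session-manager-plugin >/dev/null || { echo "Session Manager plugin not found" >&2; return 1; }
  profile_uses_uf_sso "$pf_cfg" "$1" || { echo "profile $1 does not use $UF_START_URL" >&2; return 1; }
  aws sso login --profile "$1" &&
    aws sts get-caller-identity --profile "$1"   # shows the account and role actually assumed
}
```

Source the file and run `preflight_and_login <profile>`; the final `get-caller-identity` output lets you confirm the account ID and role match what you selected.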

UFIT manages all public cloud resources that are funded by UF. Public cloud vendors have been told to direct any queries about service to the UFIT Cloud Enablement team. Likewise, any risk assessment or purchasing request for public cloud services will be referred to the UFIT Cloud Enablement team.

The Cloud Enablement team is responsible for deciding whether or not a service is a good fit for the public cloud and, if so, for designing, deploying, and managing the public cloud resources. Customers will be involved in the process but will have limited access to the cloud resources to perform necessary functions.

Requesting Access

  1. To request public cloud access you must first have a UF Hosting account and UFIT billing customer number.
  2. Once you have a UF Hosting account and UFIT billing customer number, log into UF Hosting and request the "Public Cloud" catalog item.
  3. You are required to complete a risk assessment for every new public cloud project. No resources can be deployed into the public cloud until a risk assessment has been started.

Onboarding Process

  1. UFIT will review the public cloud request and meet with you to understand your requirements.
  2. UFIT will review your requirements and decide if the service can be run using on-premises resources. If so, a recommendation will be made to run on premises.
  3. If the resource cannot be run on premises, UFIT will research the best public cloud solution based on technical requirements and cost.
  4. UFIT will meet with you to discuss the proposals for approval.
  5. UFIT will architect and validate a solution.
  6. A final draft of the proposal will be presented to you for approval.
  7. UFIT will deploy the public cloud resources.
  8. UFIT will create limited access to the public cloud for your team using your GLID as decided upon.
  9. Testing will be done by you and any required changes will be made by UFIT.
  10. Any further expansion or changes will require a MyIT ticket to the Cloud Enablement team and will be reviewed and deployed as necessary.