Skip to main content
All CollectionsFor Administrators
Vocareum AWS Account Lifecycle
Vocareum AWS Account Lifecycle
M
Written by Mary Gordanier
Updated over a week ago

For Admins

When you connect your AWS account to Vocareum to enable the use of Cloud Labs, Vocareum begins managing and distributing your AWS user accounts. Once an AWS user account is connected to Vocareum, it is called a "linked account."

Linked Account States

Once connected to Vocareum, a linked account will always be in one of the following states:

  • Available: Allocated to a student assignment.

  • In Use: Allocated to a student assignment.

    • In Clean-Up: An in-use account undergoing the clean-up process after the associated student assignment is terminated.

  • Fraud: Flagged for possible fraud on the basis of exceeded concurrency checks.

  • Discarded: Flagged as faulty and removed from circulation in Vocareum.

  • Closed: Permanently closed in AWS (fallback for accounts with issues AWS support is unable to resolve).
    ​

Linked Account Lifecycles

Provisioning Flow

  1. Organization Admin clicks "Generate accounts" on AWS Payers page

  2. AWS Account is created

  3. Account is initialized and is ready to be used (no user is attached)

  4. User clicks "Start Lab" within a Cloud Lab assignment

  5. Account is attached to a user and lab

  6. Account resources are created/started when user starts the lab

  7. A Cloud Lab is terminated (see: lab termination conditions)

  8. Account resources are deleted

  9. The account will be locked for 15 minutes while the clean-up process completes. During this period, the user cannot start the lab again. (This is the inservice lock is for.)

If the account re-use policy is active, the account becomes available for re-use. Return to step 4.

Reuse Flow

  1. Organization Admin sets the AWS Account Re-Use policy in their Organization Settings.

  2. A Cloud Lab is terminated (see: lab termination conditions)

  3. Account is detached from the current user

  4. .Account resources are deleted

  5. The account will be locked for 15 minutes while the clean-up process completes. During this period, the user cannot start the lab again. (This is the inservice lock is for.)

  6. Account is available to be re-attached to a new user and lab.

Discard Flow

  1. An account is attached to a user and becomes faulty (for example, the 'vocareum' permission is removed by mistake).

  2. The user cannot start the lab anymore.

  3. The faulty account is detached from the user. The user is re-allocated a different account.

  4. The faulty account is marked as 'discarded' and will not be re-used.

Deactivation and Reactivation Flow

  1. Organization Admin sets the Concurrency Limits for:

    1. EC2

    2. Codebuild

    3. Sagemaker

    4. Lambda

    5. Redshift

    6. Bedrock

    7. Rekognition

    8. Glue

    9. Fargate

    10. EKS

    11. S3

  2. When a user starts more than the allowed limits, the account is automatically deactivated and cleaned up.

  3. If it is determined that the user exceeded the limit by mistake, the admin can reactivate the account.

  4. If a user is over budget, a new budget can be set for the user.
    ​

Account Close Flow

When an account fails to be cleaned up and continues to incur cost, and AWS support is not able to resolve it, we can close the account permanently.
​

Related Processes

Lab Termination Conditions

  1. User clicks "End Lab" within a Cloud Lab assignment where the end lab action is set to "terminate resources"

  2. User clicks "Reset" within a Cloud Lab assignment where the end lab action is set to "terminate resources"

  3. Lab time limit expires within a Cloud Lab assignment where the end lab action is set to "terminate resources"

  4. Account exceeds its defined lab budget

  5. The account has no spend after X minutes

Did this answer your question?