Individual Student AWS Accounts Hosting One EMR Cluster Per Student - Teaching Big Data Skills with Amazon EMR

Individual Student AWS Accounts Hosting One EMR Cluster Per Student

In this deployment option, each student is required to provision (or use an existing personal) AWS account to deploy a personal EMR cluster. These accounts can be student personal accounts with personal billing responsibility or sub-accounts as part of a university AWS Organization with consolidated institution billing. If these accounts are part of an AWS Organization, they can be programmatically provisioned as child accounts within the university organization with granular IAM controls native to this provisioning.



Individual student AWS accounts hosting one EMR cluster
    per student

Figure 15: Individual student AWS accounts hosting one EMR cluster per student

The difference between this option and the One AWS Account Hosting One EMR Cluster Per Student option is that the segmentation of resources takes place in separate AWS accounts. With an individual account, security controls depend upon the account security policies and control mechanism. If using an individual student account without controls, all security control and cost management shifts from the IT administrative staff to the AWS student account owner. For a personal account, students are fully in charge of their own resources and costs. If an AWS Organization is used, Service Control Policies (SCP) can restrict the services and actions that users, groups, and roles in student accounts can access. In both scenarios, it is critical for students to understand how to control the costs of their EMR clusters so that they are only in use when running workloads.