AWS Account Management

Community Edition users are able to connect their own AWS account and take advantage of the powerful lab deployment and management capabilities of the Snap Labs platform, for free. This means you only pay AWS directly for the lab infrastructure you actually use!

Creating an AWS Account

We strongly recommend creating a dedicated AWS account for use with the Snap Labs platform. This offers several advantages as it allows you to:

  1. Easily and accurately monitor your billing
  2. Segment your Snap Labs infrastructure from personal or company infrastructure
  3. More easily clean up lab resources if you choose to disconnect your account from the Snap Labs platform

To sign up for a free AWS account, check out the AWS Free Tier.

📘

EC2 Limits

For newly created accounts, the Running Instances limit may be quite small (5 vCPUs). Most lab templates will require more than this, so we recommend requesting a limit increase as soon as you set up your AWS account.

You can request a service limit increase here. We deploy labs into the US-East-1 region currently, so be sure to request the increase in that region.

Make sure to request an increase for "Running On-Demand Standard (A, C, D, H, I, M, R, T, Z) instances". We recommend at least 120 vCPUs to allow running multiple lab environments simultaneously.

Other limits you might run into include:

  • VPC Limits (1 per lab)
  • Elastic IP Address (1 per lab)

Connecting your AWS Account to Snap Labs

Connecting your AWS account to your Snap Labs account is simple! If you've already got an AWS account, you can be up and running in just a couple minutes.

Follow the instructions in the AWS Connection Wizard to connect your accounts in just a few clicks. Behind the scenes, Snap Labs will:

  • Deploy a CloudFormation Stack
  • Create an IAM Role with the required permissions
  • Automatically detect when your accounts are connected
  • Assume this IAM Role to deploy and manage labs within your own account

Snap Labs IAM Permission Requirements

The Snap Labs platform needs certain permissions within your AWS account to successfully deploy and manage your lab systems. We DO NOT need full administrative access!! The IAM role we create has the minimal permissions required for the platform to function.

We require most permissions to interact with EC2, including permissions to create, modify, and delete resources like EC2 instances, EBS volumes, snapshots etc. For a full list of the specific permissions required, be sure to review the CloudFormation stack created when connecting your AWS and Snap Labs accounts.

Disconnecting your AWS Account

To disconnect your account, browse to the Account Settings page and select Disconnect.

🚧

Stranded Snap Labs Resources

Be careful when disconnecting your AWS Account from Snap Labs first deleting your deployed labs!

Upon disconnecting you're account, Snap Labs will lose the ability to manage resources on your behalf. If you disconnect before deleting your existing labs, there may be resources left in your AWS Account, including running EC2 instances, that may significantly affect your monthly bill.

If you do elect to leave labs deployed, but disconnect your account, you can identify Snap Labs managed resources for future cleanup by the SnapLabs tag.