Getting Started - AWS Snowball Edge Developer Guide
Connecting to Your Local NetworkGetting credentials to access a Snow Family deviceDownloading and Installing the Snowball Edge clientSetting Up Local Users

Getting Started

With an AWS Snowball Edge device, you can access the storage and compute power of the AWS Cloud locally and cost effectively in places where connecting to the internet might not be an option. You can also transfer hundreds of terabytes or petabytes of data between your on-premises data centers and Amazon Simple Storage Service (Amazon S3).

Following, you can find general instructions for creating and completing your first AWS Snowball Edge device job in the AWS Snow Family Management Console. The console presents the most common workflows, separated into job types. You can find more information about specific components of the AWS Snowball Edge device in this documentation. For an overview of the service as a whole, see How AWS Snowball Edge works.

The getting started exercises assume that you use the AWS Snow Family Management Console to create your job, the AWS OpsHub for Snow Family to unlock and manage the AWS Snowball Edge device, and the Amazon S3 interface to read and write data. If you'd rather create your job programmatically with more options for the jobs you're creating, you can use the job management API. For more information, see AWS Snowball API Reference.

Before you can get started, you must create an AWS account and an administrator user in AWS Identity and Access Management (IAM). For information, see Prerequisites for using Snow Family devices.

Topics

Connecting to Your Local Network

Using the following procedure, you connect the AWS Snowball Edge device to your local network. The device doesn't need to be connected to the internet. The device has three doors: a front, a back, and a top.

To connect the device to your network

  1. Open the front and back doors, sliding them inside the device door slots. Doing this gives you access to the touch screen on the LCD display embedded in the front of the device, and the power and network ports in the back.

    Note

    Don't close the front and back doors while you're using the Snowball Edge device. The open doors allow air to cool the device. Closing the doors while using the device may cause the device to shut down to prevent overheating.

  2. Open the top door and remove the provided power cable from the cable nook, and plug the device into power.

  3. Choose one of your RJ45, SFP+, or QSFP+ network cables, and plug the device into your network. The network ports are on the back of the device.

  4. Power on the AWS Snowball Edge device by pressing the power button above the LCD display.

  5. When the device is ready, the LCD display shows a short video while the device is getting ready to start. After about 10 minutes, the device is ready to be unlocked.

  6. (Optional) Change the default network settings through the LCD display by choosing CONNECTION.

    You can change your IP address to a different static address, which you provide by using the following procedure.

To troubleshoot boot-up problems, see Troubleshooting boot‐up problems.

To change the IP address of an AWS Snowball Edge device

  1. On the LCD display, choose CONNECTION.

    A screen appears that shows you the current network settings for the AWS Snowball Edge device. The IP address below the drop-down box is automatically updated to reflect the DHCP address that the AWS Snowball Edge device requested.

  2. (Optional) Change the IP address to a static IP address. You can also keep it as is.

The device is now connected to your network.

Important

To prevent corrupting your data, don't disconnect the AWS Snowball Edge device or change its connection settings while it's in use.

Next: Getting credentials to access a Snow Family device

Getting credentials to access a Snow Family device

Each job has a set of credentials that you must get from the AWS Snow Family Management Console or the job management API to authenticate your access to the Snow Family device. These credentials are an encrypted manifest file and an associated unlock code. The manifest file contains important information about the job and permissions associated with it.

Note

You get your credentials after the device is in transit to you. You can see the status of your job in the AWS Snow Family Management Console. For more information, see Job Statuses.

To get your credentials using the console

  1. Sign in to the AWS Management Console and open the AWS Snow Family Management Console.

  2. On the console, search the table for the specific job to download the job manifest for, and then choose that job.

  3. Expand that Job status pane, and choose View job details.

  4. In the details pane that appears, expand Credentials and then do the following:

    • Make a note of the unlock code (including the hyphens), because you need to provide all 29 characters to unlock the device.

    • In the dialog box, choose Download manifest, and follow the instructions to download the job manifest file to your computer. The name of your manifest file includes your Job ID.

    Note

    We recommend that you don't save a copy of the unlock code in the same location in the computer as the manifest for that job. For more information, see Best practices for using the Snowball Edge device.

Now that you have your credentials, the next step is to download the Snowball Edge client, which is used to unlock the AWS Snowball Edge device.

Next: Downloading and Installing the Snowball Edge client

Downloading and Installing the Snowball Edge client

You can download and install the Snowball Edge client from AWS Snowball Edge Resources. On that page, you can find the installation package for your operating system. Follow the instructions to install the Snowball Edge client. Running the Snowball Edge client from a terminal in your workstation might require using a specific path, depending on your operating system:

  • Microsoft Windows – When the client has been installed, you can run it from any directory without any additional preparation.

  • Linux – The Snowball Edge client must be run from the ~/snowball-client-linux-build_number/bin/ directory. The Snowball Edge client is only supported on 64-bit Linux distributions.

  • macOS – The install.sh script copies folders from the Snowball Edge client .tar file to the /usr/local/bin/snowball directory. If you run this script, you can then run the Snowball Edge client from any directory if /usr/local/bin is a path in your bash_profile. You can verify your path using the echo $PATH command.

For more information about Snowball Edge client commands, see Using Snowball Edge client commands.

Next: Unlocking the Snow Family device

Setting Up Local Users

Following are steps to set up a local administrator on your AWS Snowball Edge device.

  1. Retrieve your root user credentials

    Use the snowballEdge list-access-keys and snowballEdge get-secret-access-key to get your local credentials. For more information, see Getting Credentials.

  2. Configure the root user credential using aws configure

    Supply the AWS Access Key ID, AWS Secret Access Key, and Default region name. The region name must be snow. Optionally supply a Default output format. For more information about configuring the AWS CLI, see Configuring the AWS CLI in the AWS Command Line Interface User Guide.

  3. Create one or more local users on your device

    Use the create-user command to add users to your device.

    
aws iam create-user --endpoint endpointIPaddress:6078 --profile ProfileID --region snow --user-name UserName

    After you add users according to your business needs, you can store your AWS root credentials in a safe location and only use them for account and service management tasks. For more information about creating IAM users, see Creating an IAM user in your AWS account in the IAM User Guide.

  4. Create an access key for your user

    Warning

    This scenario requires IAM users with programmatic access and long-term credentials, which presents a security risk. To help mitigate this risk, we recommend that you provide these users with only the permissions they require to perform the task and that you remove these users when they are no longer needed. Access keys can be updated if necessary. For more information, see Updating access keys in the IAM User Guide.

    Use the create-access-key command to create an access key for your user.

    
aws iam create-access-key --endpoint endpointIPaddress:6078 --profile ProfileID --region snow --user-name UserName

    Save the access key information to a file and distribute to your users.

  5. Create an access policy

    You might want different users to have different levels of access to functionality on your device. The following example creates a policy document named s3-only-policy and attaches it to a user.

    {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": "*"
    }
  ]
}    

    
aws iam create-policy --endpoint endpointIPaddress:6078 --profile ProfileID --region snow --policy-name s3-only-policy --policy-document file://s3-only-policy

  6. Attach the policy to your user

    Use the attach-user-policy to attach the s3-only-policy to a user.

    
  aws iam attach-user-policy --endpoint endpointIPaddress:6078 --profile ProfileID --region snow --user-name UserName --policy-arn arn:aws:iam::AccountID:policy/POLICYNAME

For more information about using IAM locally, see Using IAM Locally.

Next: Using an AWS Snowball Edge Device