Getting started with Snowball Edge
With an AWS Snowball Edge device, you can access the storage and compute power of the AWS Cloud locally and cost effectively in places where connecting to the internet might not be an option. You can also transfer hundreds of terabytes or petabytes of data between your on-premises data centers and Amazon Simple Storage Service (Amazon S3).
Following, you can find general instructions for creating and completing your first AWS Snowball Edge device job in the AWS Snow Family Management Console. The console presents the most common workflows, separated into job types. You can find more information about specific components of the AWS Snowball Edge device in this documentation. For an overview of the service as a whole, see How AWS Snowball Edge works.
It may take up to 4 weeks to provision and prepare the Snowball Edge for your job before it is shipped. This timeline should be factored into your project plan to ensure a seamless transition.
Before you can get started, you must create an AWS account and an administrator user in AWS Identity and Access Management (IAM). For information, see Prerequisites for using Snowball Edge.
Topics
- Creating a job to order a Snowball Edge device
- Cancelling a job to order a Snowball Edge
- Cloning a job to order a Snowball Edge in the AWS Snow Family Management Console
- Receiving the Snowball Edge
- Connecting a Snowball Edge to your local network
- Getting credentials to access a Snowball Edge
- Unlocking the Snowball Edge
- Setting up local users on a Snowball Edge
- Rebooting the Snowball Edge device
- Powering off the Snowball Edge
- Returning the Snowball Edge device
- Return shipping for Snowball Edge
- Monitoring the import status from the Snowball Edge
- Getting your data transfer job completion report and logs
Connecting a Snowball Edge to your local network
Using the following procedure, you connect the AWS Snowball Edge device to your local network. The device doesn't need to be connected to the internet. The device has three doors: a front, a back, and a top.
To connect the device to your network
-
Open the front and back doors, sliding them inside the device door slots. Doing this gives you access to the touch screen on the LCD display embedded in the front of the device, and the power and network ports in the back.
Note
Don't close the front and back doors while you're using the Snowball Edge device. The open doors allow air to cool the device. Closing the doors while using the device may cause the device to shut down to prevent overheating.
-
Open the top door and remove the provided power cable from the cable nook, and plug the device into power.
-
Choose one of your RJ45, SFP+, or QSFP+ network cables, and plug the device into your network. The network ports are on the back of the device.
-
Power on the AWS Snowball Edge device by pressing the power button above the LCD display.
-
When the device is ready, the LCD display shows a short video while the device is getting ready to start. After about 10 minutes, the device is ready to be unlocked.
-
(Optional) Change the default network settings through the LCD display by choosing CONNECTION.
You can change your IP address to a different static address, which you provide by using the following procedure.
To troubleshoot boot-up problems, see Troubleshooting bootâup problems with Snowball Edge.
To change the IP address of an AWS Snowball Edge device
-
On the LCD display, choose CONNECTION.
A screen appears that shows you the current network settings for the AWS Snowball Edge device. The IP address below the drop-down box is automatically updated to reflect the DHCP address that the AWS Snowball Edge device requested.
-
(Optional) Change the IP address to a static IP address. You can also keep it as is.
The device is now connected to your network.
Important
To prevent corrupting your data, don't disconnect the AWS Snowball Edge device or change its connection settings while it's in use.
Next: Getting credentials to access a Snowball Edge
Getting credentials to access a Snowball Edge
Each job has a set of credentials that you must get from the AWS Snow Family Management Console or the job management API to authenticate your access to the Snowball Edge. These credentials are an encrypted manifest file and an associated unlock code. The manifest file contains important information about the job and permissions associated with it.
Note
You get your credentials after the device is in transit to you. You can see the status of your job in the AWS Snow Family Management Console. For more information, see Statuses of Snowball Edge jobs.
To get your credentials using the console
-
Sign in to the AWS Management Console and open the AWS Snow Family Management Console
. -
On the console, search the table for the specific job to download the job manifest for, and then choose that job.
-
Expand that Job status pane, and choose View job details.
-
In the details pane that appears, expand Credentials and then do the following:
-
Make a note of the unlock code (including the hyphens), because you need to provide all 29 characters to unlock the device.
-
In the dialog box, choose Download manifest, and follow the instructions to download the job manifest file to your computer. The name of your manifest file includes your Job ID.
Note
We recommend that you don't save a copy of the unlock code in the same location in the computer as the manifest for that job. For more information, see Best practices for using a Snowball Edge device.
-
Now that you have your credentials, the next step is to download the Snowball Edge client, which is used to unlock the AWS Snowball Edge device.
Next: Downloading and installing the Snowball Edge Client
Setting up local users on a Snowball Edge
Following are steps to set up a local administrator on your AWS Snowball Edge device.
-
Retrieve your root user credentials
Use the
snowballEdge list-access-keys
andsnowballEdge get-secret-access-key
to get your local credentials. For more information, see Getting credentials for a Snowball Edge. -
Configure the root user credential using
aws configure
Supply the
AWS Access Key ID
,AWS Secret Access Key
, andDefault region name
. The region name must besnow
. Optionally supply aDefault output format
. For more information about configuring the AWS CLI, see Configuring the AWS CLI in the AWS Command Line Interface User Guide. -
Create one or more local users on your device
Use the
create-user
command to add users to your device.aws iam create-user --endpoint
endpointIPaddress
:6078 --profileProfileID
--region snow --user-nameUserName
After you add users according to your business needs, you can store your AWS root credentials in a safe location and only use them for account and service management tasks. For more information about creating IAM users, see Creating an IAM user in your AWS account in the IAM User Guide.
-
Create an access key for your user
Warning
This scenario requires IAM users with programmatic access and long-term credentials, which presents a security risk. To help mitigate this risk, we recommend that you provide these users with only the permissions they require to perform the task and that you remove these users when they are no longer needed. Access keys can be updated if necessary. For more information, see Update access keys in the IAM User Guide.
Use the
create-access-key
command to create an access key for your user.aws iam create-access-key --endpoint
endpointIPaddress
:6078 --profileProfileID
--region snow --user-nameUserName
Save the access key information to a file and distribute to your users.
-
Create an access policy
You might want different users to have different levels of access to functionality on your device. The following example creates a policy document named
s3-only-policy
and attaches it to a user.{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "s3:*", "Resource": "*" } ] }
aws iam create-policy --endpoint
endpointIPaddress
:6078 --profileProfileID
--region snow --policy-name s3-only-policy --policy-document file://s3-only-policy -
Attach the policy to your user
Use the
attach-user-policy
to attach the s3-only-policy to a user.aws iam attach-user-policy --endpoint
endpointIPaddress
:6078 --profileProfileID
--region snow --user-nameUserName
--policy-arn arn:aws:iam::AccountID
:policy/POLICYNAME
For more information about using IAM locally, see Using IAM locally on a Snowball Edge.