Requesting an AWS Account at LBNL¶
This document outlines the process for LBNL users to request and access an Amazon Web Services (AWS) account.
Important: LBNL users cannot self-register AWS accounts using their LBL identity. All AWS account requests must be submitted through the Science IT cloud team.
Prerequisites¶
- You must be a LBNL staff member to get a LBNL AWS account. Interns and external collaborators are not eligible for an AWS account through LBNL, however a LBNL staff member can be the point of contact and can provide access to an AWS account through IAM logins to interns and external collaborators
Requesting an AWS Account¶
- Email the Science IT Cloud Team:
- Send an email to
scienceit@lbl.govrequesting an AWS account.
- Send an email to
- Provide Necessary Information:
- In your email, include the following information:
- Indicate if you or someone else will be the "owner" and contact for the account. This information is needed by both the LBNL cloud team and Cybersecurity.
- A Project ID for recharges.
- In your email, include the following information:
- Account Creation:
- The Science IT cloud team will setup a time to meet with the account owner to create and configure the AWS account.
- Once the account is created, the setup and enabling of MFA is required before the account can be used.
Enabling Multi-Factor Authentication (MFA)¶
After your AWS account is created, at that time you must enable Multi-Factor Authentication (MFA) to access and use any AWS services and resources in the account. This is a security requirement for all LBNL AWS accounts.
For MFA, you can use a physical hardware token, an Authenticator app, or a Passkey.
- Log in to the AWS Management Console:
- Use the credentials provided by the Science IT cloud team to log in to the AWS Management Console: aws.amazon.com/console.
- Navigate to Security Credentials:
- Select the drop down indicated by the account name in the upper right corner of the page.
- Click the "Security credentials" tab.
- Assign MFA device:
- In the "Multi-factor authentication (MFA)" section, click "Assign MFA device".
- Choose MFA device type - Authenticator app option:
- Select "Virtual MFA device" and click "Continue".
- Install an Authenticator App:
- You will need to install an authenticator app on your smartphone or computer. Popular options include:
- Google Authenticator
- Authy
- Microsoft Authenticator
- Scan the QR code displayed on the AWS screen with your authenticator app, or manually enter the secret key.
- You will need to install an authenticator app on your smartphone or computer. Popular options include:
- Enter MFA Codes:
- Enter the two consecutive MFA codes generated by your authenticator app into the AWS console and click "Assign MFA".
- Cleanup:
- You will need to log out of the account, and then log back in using MFA in order for AWS services and resources to become available.
Important Notes¶
- Account Management: The Science IT cloud team manages all LBNL AWS accounts.
- Security: MFA is mandatory for the root user on all LBNL AWS accounts.
- Support: For any questions or assistance, contact the Science IT cloud team at
scienceit@lbl.gov.