What Is Amazon AWS?
Amazon AWS is the implementation of Amazon Web Services in the Beijing and Ningxia (China) Regions. Directly connected to domestic telecommunication networks, it’s designed to provide the infrastructure and network services necessary to support AWS technology.
Amazon AWS provides computing resources and services that you can use to quickly and cost-effectively build applications. For example, you can rent a virtual server on Amazon AWS that you can connect to, configure, secure, and run just as you would a physical server. But the virtual server runs on top of a global network managed by AWS, and you pay for your virtual server only while it runs. Backed by Amazon AWS, your virtual server can do things no physical server can, such as automatically scaling into multiple servers when demand increases.
Using Amazon AWS to build your Internet application is like purchasing electricity from a power company instead of running your own generator, and it provides many of the same benefits: capacity exactly matches need; you pay only for what you use; economies of scale result in lower costs, and the service is provided by a vendor experienced in running large-scale networks.
You can run nearly anything on Amazon AWS that you would run on physical hardware: websites, applications, databases, mobile apps, email campaigns, distributed data analysis, and media storage. The services are designed to work together so that you can build complete solutions, and many of the most utilized AWS products are available in the China Regions.
The following topics will help you get started with Amazon AWS.
Managing Amazon AWS
There are several tools that you can use to create and manage Amazon AWS resources.
- AWS Management Console – A graphical user interface that you access online at https://console.amazonaws.cn. The AWS Management Console is the fastest way to get started with Amazon AWS; there is nothing to install. Some services, however, have features that can’t be accessed from the console. For more information, see Using the Console or the service documentation.
- AWS Command Line Interface (AWS CLI) – A text-based tool that you install on your desktop. With the AWS CLI, you can manage and script against multiple Amazon AWS resources directly from the command line. Some services also offer custom CLIs. For more information, see AWS Command Line Tools.
- Software Development Kits (SDKs) – Class libraries and tools that you add to your application so it can manage Amazon AWS resources. AWS offers SDKs in a variety of programming and scripting languages. The SDKs are the easiest way to write applications that interface with Amazon AWS; they provide functions that you can call to authenticate your application’s connection to Amazon AWS. For more information, see AWS SDKs
- Query APIs – Low-level APIs that are exposed online through service- and Region-specific endpoints (for example,
https://dynamodb.cn-north-1.amazonaws.comfor the Beijing Region, and https://dynamodb.cn-north-1.amazonaws.com for the Ningxia Region. You call API actions by using HTTP requests. The APIs reflect the latest functionality of each service. If your application uses the API instead of an SDK, however, you must implement the functionality to generate the proper signatures to authenticate your requests.
Signup, Accounts, and Credentials
To use Amazon AWS services, you need an account and credentials specific to Amazon AWS, the suite of Amazon Web Services available in the Beijing and Ningxia (China) Regions. Accounts created for other AWS Regions won’t work for Amazon AWS. Similarly, Amazon AWS accounts won’t work in AWS Regions outside the Beijing and Ningxia Regions. To use services in another Region, Amazon AWS customers need to sign up for an account in that Region.
To comply with Chinese law and regulations, Amazon AWS customers who want to make content publicly available via Amazon AWS services are required to first file for Internet Content Provider (ICP) recordal with the Ministry of Industry and Information Technology. Until ICP recordal is complete, Amazon AWS customers are granted an Internal Access Account, which provides limited access to Amazon AWS features. Amazon AWS customers who don’t intend to publish content publicly aren’t required to complete ICP recordal. These customers can get started right away by signing up for an Internal Access Account and using Amazon AWS services for personal projects or for projects internal to their organization. To use all of the Amazon AWS features, customers need a Full Access Account. The two account types are described in more detail below.
The AWS Management Console walks you through the process of signing up for Amazon AWS. The steps below provide a high-level overview of signup.
To sign up for Amazon AWS:
- Go to amazonaws.cn and register with Amazon AWS.
- Receive an Internal Access Account.
- (Optional) Complete the ICP recordal process. This step is necessary for publishing content for public consumption. When you’ve completed ICP recordal, you’ll receive a Full Access Account.
- Receive your Amazon AWS account credentials. The credentials consist of an account ID, access key ID, and secret access key. Note that you can’t use your Amazon AWS credentials to access any other AWS Region.
To use the Amazon AWS console, you must have credentials provided by AWS Identity and Access Management (IAM). All users have to create IAM credentials during the sign-up process. When you first sign up for Amazon AWS, you create an IAM user administrator. Then you can sign in to the Amazon AWS console with your account ID.
The administrator has full access to manage Amazon AWS resources. For example, as the administrator, you can create additional IAM users by using the Amazon AWS console. You can then manage users and their permissions by assigning them to groups. For more information about users, groups, and policies, see Working with Users and Groups. To learn more about IAM and about credentials in Amazon AWS, see AWS Identity and Access Management.
Internal Access Account
An Internal Access Account provides limited access to Amazon AWS services. Internal Access Accounts are granted to Amazon AWS customers who don’t intend to host public content directly from their Amazon AWS accounts, and to customers who want to host public content but have not yet completed ICP recordal. With Internal Access Accounts, public access is restricted as follows:
- In Amazon EC2, all common internet ports (except ports 22 and 3389) are blocked. Internal ports remain available.
- In Amazon S3, buckets are not allowed to serve content for public anonymous access, and pre-signed URL functionality is disabled.
Billing and Payment
Amazon AWS is priced and billed in local currency (CNY). Each month, Amazon AWS sends an invoice to the email address of the account owner. You can also view your Amazon AWS bill on the Bills page of the AWS Billing and Cost Management console. You use Amazon AWS resources first and then receive an invoice based on usage. You can then pay using either wire transfer or ACH.
Note that some features described in the AWS documentation may not be available in the current Amazon AWS release.
In the case of AWS Billing and Cost Management, the free pricing tier is not included in the China Regions.
If you want to deposit reports into an Amazon S3 bucket, in your policy, you must specify 145026535362 (instead of 386209384616) for the account ID. For more information, seeExample 8: Deposit Reports into an Amazon S3 Bucket in the AWS Billing and Cost Management User Guide.
For each Amazon AWS account you create, you can enter your tax information on the Tax Settings page of the AWS Billing and Cost Management console. In addition to providing your name, business information, and address for tax purposes, you also specify the type of VAT invoice you want to receive from Amazon AWS.
To enter your tax information:
- Sign in to the AWS Management Console and choose your account name in the top navigation bar.
- To open the Billing console, choose Billing & Cost Management.
- In the Billing console, choose Tax Settings and then follow the instructions on the page.
To use Amazon AWS to host or distribute content publicly, you must complete the Internet Content Provider (ICP) recordal process. You can start the ICP recordal process through the AWS Billing and Cost Management console. You will be redirected to a third-party site that handles the process.
To file for ICP recordal:
- Log into the AWS Management Console and choose your account name in the top navigation bar.
- To open the AWS Billing and Cost Management console, choose Billing & Cost Management.
- In the AWS Billing and Cost Management console, choose the ICP recordal link and follow the instructions on the page.