Best Practices for the Amazon Snowcone Device - Amazon Snowcone User Guide
SecurityNetworkResource ManagementManaging EC2-compatible Instances
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Best Practices for the Amazon Snowcone Device

To help get the maximum benefit from and satisfaction with your Amazon Snowcone device, we recommend that you follow these best practices.

Security

  • If you notice anything that looks suspicious about the Amazon Snowcone device, don't connect it to your internal network. Instead, contact Amazon Web Services Support, and a new Amazon Snowcone device will be shipped to you.

  • We recommend that you don't save a copy of the unlock code in the same location in the workstation as the manifest for that job. Saving these separately helps prevent unauthorized parties from gaining access to the Amazon Snowcone device. For example, you can save a copy of the manifest to your local server, and email the code to a user that unlocks the device. This approach limits access to the Amazon Snowcone device to individuals who have access to files saved on the server and also that user's email address.

  • The credentials displayed when you run the Snowball Edge client command snowballEdge list-access-keys followed by snowballEdge get-secret-access-key are a pair of keys: an access key and a secret key. These keys are only associated with the job and the local resources on the device. They don't map to your Amazon Web Services account or any other Amazon Web Services account. If you try to use these keys to access services and resources in the Amazon Web Services Cloud, they fail, because they work only for the local resources associated with your job.

  • You can restrict access to NFS shares. For details, see Restricting Access to NFS Shares When NFS is Running.

  • When you turn off or power cycle a Snowcone device, it goes into a locked state.

Network

  • We recommend that you only use one method of reading and writing data to a local bucket on an Amazon Snowcone device at a time. Using both the

    NFS Mount and the DataSync on the same S3 bucket at the same time can result in read/write conflicts.

  • To prevent corrupting your data, don't disconnect an Amazon Snowcone device or change its network settings while transferring data.

  • Files should be in a static state while being written to the device. Files that are modified while they are being written can result in read/write conflicts.

  • For more information about improving performance of your Amazon Snowcone device, see Snowcone Performance.

Resource Management

Managing EC2-compatible Instances

To avoid accidentally deleting the Amazon EC2-compatible instances that you create on your Amazon Snowcone device, don't shut down your instances from the operating system. For example, don't use the shutdown or reboot commands. Shutting down an instance from within the operating system has the same effect as calling the terminate-instances command.

Instead, use the stop-instances command to suspend Amazon EC2-compatible instances that you want to preserve.