Organizing Your AWS Environment Using Multiple Accounts
JDMurray
A new AWS whitepaper, Organizing Your AWS Environment Using Multiple Accounts, describes a best practice in the AWS Well-Architected Framework and would have been real handy for me to have a few years ago.
Excerpt:
Your cloud resources and data are contained in an AWS account. An account acts as an identity and access management isolation boundary. When you need to share resources and data between two accounts, you must explicitly allow this access.
By default, no access is allowed between accounts. For example, if you designate different accounts to contain your production and non-production resources and data, by default, no access is allowed between those environments.
The number of accounts that best meets your needs can range from a few to hundreds or even thousands. AWS does not charge per account. Rather, you incur charges based on resources used, regardless of account quantity. However, management of many accounts might call for use of automation to help minimize your operational costs and ensure efficient alignment with your security, governance, and operational requirements.