- Must have an AWS account to access services and create any resources. By default this creates a **root** account.
- Recommended to have multiple accounts for serving different environments like dev, test, prod, sandbox.
- Managing multiple accounts becomes cumbersome, so use **AWS Organisations**. One account becomes the **management** account and the others become **member** accounts.
- Can have multiple dev, test, prod accounts. All can be logically grouped as **Organisation Units (OUs)**, and policies and permissions that the members of an OU share can be applied to the OU within the organization.
- You can apply **Service Control Policies (SCPs)**, which act as guard rails on what services can be consumed in each AWS account. Written in **JSON**. SCPs can also restrict which regions those accounts can provision resources in.
- One key trick to manage so many accounts as a single user is to use a **Gmail** email id. It allows you to have many sub-user accounts which are ultimately linked to a common Gmail account. This is achieved by adding a `+` tag to your email address, ex. [email protected], [email protected], [email protected] etc.
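As an added illustration of the SCP guard rails described above (this is an example written for these notes, not a policy taken from AWS documentation or from any particular organization), the following SCP denies every action outside two approved regions and additionally denies a set of services that the organization has not approved. The region list, the unapproved service list and the `Sid` values are assumptions chosen for the example; `aws:RequestedRegion` and the `NotAction` pattern for global services (IAM, Organizations, STS, CloudFront, Route 53, Support, Budgets) are the real AWS condition key and the usual way to keep those services reachable, since their API calls are not tied to a region.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyAllOutsideApprovedRegions",
      "Effect": "Deny",
      "NotAction": [
        "iam:*",
        "organizations:*",
        "sts:*",
        "cloudfront:*",
        "route53:*",
        "support:*",
        "budgets:*"
      ],
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "aws:RequestedRegion": [
            "eu-west-1",
            "eu-central-1"
          ]
        }
      }
    },
    {
      "Sid": "DenyUnapprovedServices",
      "Effect": "Deny",
      "Action": [
        "lightsail:*",
        "gamelift:*"
      ],
      "Resource": "*"
    },
    {
      "Sid": "DenyLeavingTheOrganisation",
      "Effect": "Deny",
      "Action": "organizations:LeaveOrganization",
      "Resource": "*"
    }
  ]
}
```

Attach the policy to an OU (for example a sandbox OU) rather than to individual accounts so that every member account placed in that OU inherits it. Two points worth checking before relying on an SCP: it only sets the maximum permissions available in a member account and never grants anything by itself, so principals still need IAM permissions to act, and it does not restrict principals in the management account, which is one more reason to keep workloads out of that account.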