Cloud Course

AWS Organization & Accounts

We have our AWS account set up; now we're going to set up 3 more.

It is extremely useful to have a clear separation between infrastructure that is created for production, development, and just experimentation. We could separate even further and create clear boundaries for each developer or employee in a company, but for now we'll just focus on these three things:

  • Production infrastructure is precious and should be protected. We never want to accidentally mess anything up in production, or delete something by accident.
  • Development infrastructure is great for testing. It should still be protected, but it's OK if things go wrong in development.
  • Experimentation infrastructure is nothing to worry about. Create and delete as much as you like just to test things out. Delete the entire account and start over if you want to, no big deal.

It turns out that the best way to separate these things in AWS is to have a separate account for each one.

The account that we already have is going to be our management account. We won't really be using it much day-to-day, but it's the default account where we can manage billing, alarms, users, etc. So we need three more accounts on top of this one.

In AWS, we do this by first creating an organization; then we can set up many different accounts within this organization.

We can then create users that belong to the organization and are easily able to access each account with the same login. We could have an admin user that can create anything in any account, or an intern user that can only manage basic infrastructure in the playground account but has no access to the other accounts.

We'll set up a user in the next part. Let's start by creating the organization.

step 1:

Search for organizations and select AWS Organizations

step 2:

Click on Create an organization. This will set up an organization where you can manage multiple accounts.

You'll be able to see the account that you already set up. This is the management account, and we really want to limit how much we use this account directly. All resources that we make will exist in other accounts.

The only reason we will be logging into the management account right now is to view billing for every single account we make in this organization.

Create Accounts

step 3:

Click on Add an AWS account

step 4:
  • Enter Production for the account name
  • Enter a new email address for the account's owner
  • Click Create AWS account
step 5:

Do the same thing for a Development account.

step 6:

Do it one last time for the Playground account

When all the accounts have finished setting up, your organization dashboard should look like this.
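
The same steps can be scripted with the AWS CLI. This is an added example, not part of the original course: it assumes the CLI is configured with management-account credentials, and the owner email addresses, the `POLL_SECONDS` variable and the `run` argument are placeholders chosen for the example.

```shell
#!/bin/sh
# Added example: CLI equivalent of steps 1-6, run with management-account credentials.
set -eu

# name:owner-email pairs. The addresses are constructed placeholders.
ACCOUNTS="Production:aws-prod@example.com Development:aws-dev@example.com Playground:aws-play@example.com"

# Succeeds only if no owner email appears twice (compared case-insensitively),
# since each account needs its own new address.
check_unique_emails() {
  dupes=$(printf '%s\n' $1 | cut -d: -f2 | tr 'A-Z' 'a-z' | sort | uniq -d)
  [ -z "$dupes" ]
}

# Account creation is asynchronous: create-account returns a request ID that
# is polled until the state leaves IN_PROGRESS. Prints the new account ID.
create_account() {
  req=$(aws organizations create-account --account-name "$1" --email "$2" \
    --query 'CreateAccountStatus.Id' --output text)
  while :; do
    state=$(aws organizations describe-create-account-status \
      --create-account-request-id "$req" \
      --query 'CreateAccountStatus.State' --output text)
    case $state in
      SUCCEEDED) break ;;
      FAILED) echo "creating $1 failed" >&2; return 1 ;;
      *) sleep "${POLL_SECONDS:-5}" ;;
    esac
  done
  aws organizations describe-create-account-status \
    --create-account-request-id "$req" \
    --query 'CreateAccountStatus.AccountId' --output text
}

main() {
  check_unique_emails "$ACCOUNTS" || { echo "duplicate owner email" >&2; exit 1; }
  aws organizations create-organization --feature-set ALL >/dev/null
  for entry in $ACCOUNTS; do
    id=$(create_account "${entry%%:*}" "${entry#*:}")
    echo "${entry%%:*}: $id"
  done
  aws organizations list-accounts --query 'Accounts[].[Name,Id,Status]' --output table
}

# Nothing is sent to AWS unless the script is invoked with the argument "run".
if [ "${1:-}" = "run" ]; then main; fi
```

The final `list-accounts` call prints the same view as the organization dashboard: the management account plus the three new member accounts.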