4. Why use the multi-account strategy?
< design + inovação + software >
+++
❏ Best practice
❏ Security Control
❏ Reduce the blast radius of the security incident
❏ Account as a container (Isolate)
❏ Cost allocation
❏ Governance
❏ Avoid service limits
Challenges
❏ Centralize Billing
❏ Complexity to manage the accounts
❏ How to monitor all accounts?
6. AWS organizations
❏ Account management service
❏ Administer multiple accounts as a single unit
❏ Create new accounts / Invite existing accounts
❏ Apply policy to accounts
❏ Centralize billing
❏ Free
7. Organizational Units - OUs
❏ Root account
❏ Create logical groups and structure a hierarchy
❏ Apply policies
❏ OUs can be nested up to 5 levels deep
8. Service Control Policies (SCPs)
❏ Organization policy
❏ Limit the AWS services, resources and API operations that member accounts can use
❏ Allow and deny list
9. SCPs - Examples
Prevent users from disabling CloudWatch or altering its configuration
Prevent IAM users and roles from making certain changes
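Added example (not from the original slides): the first policy above written as a deny-list SCP, with a simplified evaluator showing how SCPs attached at the root, an OU and the account combine. The action list, the `scp_permits` helper and the "Workloads" OU are assumptions of this example; SCPs only filter, so IAM must still grant whatever they permit.

```python
import json
from fnmatch import fnmatchcase

# Deny-list style: leave FullAWSAccess attached and deny specific actions.
DENY_CLOUDWATCH_CHANGES = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Deny",
        "Action": [  # action list chosen for this example
            "cloudwatch:DeleteAlarms",
            "cloudwatch:DeleteDashboards",
            "cloudwatch:DisableAlarmActions",
            "cloudwatch:PutDashboard",
            "cloudwatch:PutMetricAlarm",
            "cloudwatch:SetAlarmState",
        ],
        "Resource": "*",
    }],
}
FULL_AWS_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

def _matches(policy, effect, action):
    """True if a statement with this Effect has an Action pattern matching `action`."""
    for stmt in policy["Statement"]:
        patterns = stmt["Action"]
        if isinstance(patterns, str):
            patterns = [patterns]
        if stmt["Effect"] == effect and any(
                fnmatchcase(action.lower(), p.lower()) for p in patterns):
            return True
    return False

def scp_permits(levels, action):
    """levels: SCPs attached at the root, each OU on the path, then the account.
    Simplified model (hypothetical helper): ignores Condition, Resource, NotAction."""
    attached = [p for level in levels for p in level]
    if any(_matches(p, "Deny", action) for p in attached):
        return False  # an explicit Deny at any level wins
    # Every level must allow the action; otherwise it is implicitly denied.
    return all(any(_matches(p, "Allow", action) for p in level) for level in levels)

# Constructed path: root -> "Workloads" OU (hypothetical) -> member account
PATH = [[FULL_AWS_ACCESS], [FULL_AWS_ACCESS, DENY_CLOUDWATCH_CHANGES], [FULL_AWS_ACCESS]]

if __name__ == "__main__":
    print(json.dumps(DENY_CLOUDWATCH_CHANGES, indent=2))
    for act in ("cloudwatch:DeleteAlarms", "cloudwatch:GetMetricData"):
        print(act, "->", "permitted" if scp_permits(PATH, act) else "blocked")
```

Replacing the OU's `FullAWSAccess` with a narrower Allow statement turns the same path into an allow list: anything not allowed at that level is blocked for every account beneath it.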
11. Organizational Units - OUs - Benefits
❏ Group similar accounts based on function
❏ Management policies
❏ Apply policy to multiple accounts based on hierarchy
❏ Share resources (AWS RAM)