How to Build an AWS Multi-Account Strategy with Centralized Identity Management
A better way to manage your accounts and users
Often you begin your AWS journey with a single account. You add all your employees to it, eventually segregating your infrastructure with different VPCs and IAM permissions. As you grow, it becomes harder and harder to map your company's internal organization onto a secure and easy-to-use account structure. Moreover, as your bill increases, you want more insight into how, and by whom, the money is being spent.
For all these reasons, you may want to move to a multi-account strategy. In this article, we will look into the benefits of such a strategy and code a quick implementation using Terraform.
3 Reasons for Using Multiple Accounts
- Separation of resources: you can assign each team, business unit, or product stage an account containing only the resources it needs. All your assets are where they belong.
- Security: accounts are naturally bounded in terms of permissions; any cross-account access has to be explicitly allowed. You can also dedicate a separate account with enhanced security controls to meet PCI or HIPAA compliance. One common practice is to create an identity account where all…
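The explicit cross-account grant mentioned above, as an added Terraform example that is not the article's own code: a workload account exposes a role that only the central identity account can assume, and users in the identity account are granted nothing but the right to assume it. The account IDs, role name and `ReadOnlyAccess` scope are placeholder assumptions; in practice the two halves live in separate configurations (or provider aliases) for the two accounts.

```terraform
# Added example, not from the article. Account IDs are placeholders.
variable "identity_account_id" {
  description = "Placeholder: the central account that holds all IAM users"
  type        = string
  default     = "111111111111"
}

# --- Workload account side ---
# The trust policy is the explicit cross-account grant: without it, no
# principal outside this account can act here at all.
data "aws_iam_policy_document" "trust_identity_account" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${var.identity_account_id}:root"]
    }
    # Defence in depth: only MFA-authenticated sessions may cross the boundary.
    condition {
      test     = "Bool"
      variable = "aws:MultiFactorAuthPresent"
      values   = ["true"]
    }
  }
}

resource "aws_iam_role" "developer" {
  name                 = "DeveloperAccess" # placeholder role name
  assume_role_policy   = data.aws_iam_policy_document.trust_identity_account.json
  max_session_duration = 3600 # one hour; assumed sessions expire rather than linger
}

# Scope what the assumed role may do; a managed policy keeps this reviewable.
resource "aws_iam_role_policy_attachment" "developer_readonly" {
  role       = aws_iam_role.developer.name
  policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
}

# --- Identity account side ---
# Users here hold no resource permissions of their own, only the ability
# to assume the role in the (placeholder) workload account 222222222222.
data "aws_iam_policy_document" "assume_workload_roles" {
  statement {
    actions   = ["sts:AssumeRole"]
    resources = ["arn:aws:iam::222222222222:role/DeveloperAccess"]
  }
}

resource "aws_iam_policy" "assume_workload_roles" {
  name   = "AssumeWorkloadRoles"
  policy = data.aws_iam_policy_document.assume_workload_roles.json
}
```

Every AssumeRole call is recorded in CloudTrail in both accounts, which gives the per-account audit trail the single-account setup lacks.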