How to properly set up your AWS multi-account environment

Does managing a ton of AWS accounts seem like a Herculean task? The good news is that AWS offers several techniques and tools that make managing multiple accounts easier.

AWS Organizations

AWS Organizations is a service that helps platform teams manage a multi-account ecosystem in terms of creation, grouping, and entitlement. With AWS Organizations, you can build a multi-tiered structure of organisational units to manage base-level permissions, called Service Control Policies (SCPs), to ensure that only specific services or actions can be performed within an AWS account. A typical structure of an AWS organisation is shown in the following figure.

Essentially, AWS Organizations provides the following benefits and features:

  • Consolidated Billing: All subordinate accounts under the root (or master) account receive consolidated billing, along with detailed reports to track actual expenses per account.
  • Flexibility in Account Membership: AWS accounts can join or leave an AWS Organization. This is useful when business structures change or specific projects or departments are acquired by other companies.
  • Potential Cost Savings: Summing up costs across member accounts can lead to volume discounts. For instance, consider costs related to outbound data transfer or S3 storage, which occur in almost every account. Additionally, cost optimisation extends to using Reserved Instances (RIs) and Savings Plans across member accounts.
  • Seamless Integration of Services: Many AWS services, such as AWS Firewall Manager and AWS CloudTrail, can be effectively integrated with AWS Organizations, providing a unified view for audits and security-related activities.

AWS Organizations is not a must-have for every multi-account scenario. If an AWS partner already handles your AWS invoice management as part of your managed services agreement, many of the day-to-day challenges of multi-account invoicing may already be taken care of, which makes AWS Organizations less important from an invoicing perspective.

Recommended Starting Organisation

In this example, the organisation's management account utilises AWS Single Sign-On (AWS SSO) to provide unified access to AWS accounts within your organisation for your employees.

The "Security" Organisational Unit (OU) includes an account named "log-archive," acting as a central repository for log data within the organisation. Security, audit, and compliance teams can utilise this account for analysis purposes. The "security-tooling" account is dedicated to managing security tools.

A separate "Workloads" OU contains both production and testing accounts.
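To show how SCPs attached at different tiers of this layout combine, here is an added example (not from the original article or from AWS) that evaluates constructed policies along the path from an account up to the root. The policies and the account names "production" and "testing" are assumptions, and the evaluator is simplified: it looks only at `Effect` and `Action` and ignores `Resource`, `Condition` and `NotAction`.

```python
from fnmatch import fnmatchcase

ALLOW_ALL = {"Effect": "Allow", "Action": ["*"]}

# Constructed sample: node -> (parent, SCP statements attached to that node).
# OU names follow the article; account names under Workloads are hypothetical.
ORG = {
    "Root": (None, [ALLOW_ALL,
                    {"Effect": "Deny", "Action": ["organizations:LeaveOrganization"]}]),
    "Security": ("Root", [ALLOW_ALL,
                          {"Effect": "Deny", "Action": ["cloudtrail:StopLogging",
                                                        "cloudtrail:DeleteTrail"]}]),
    "Workloads": ("Root", [{"Effect": "Allow",
                            "Action": ["ec2:*", "s3:*", "cloudwatch:*"]}]),
    "log-archive": ("Security", [ALLOW_ALL]),
    "security-tooling": ("Security", [ALLOW_ALL]),
    "production": ("Workloads", [ALLOW_ALL]),
    "testing": ("Workloads", [ALLOW_ALL]),
}


def matches(statement, action):
    """Case-insensitive wildcard match of an action against a statement."""
    return any(fnmatchcase(action.lower(), p.lower()) for p in statement["Action"])


def path_to_root(node):
    """Yield the account, then each parent OU, ending at the root."""
    while node is not None:
        yield node
        node = ORG[node][0]


def scp_permits(account, action):
    """True if the SCPs on the path leave `action` available in `account`."""
    for node in path_to_root(account):
        statements = ORG[node][1]
        if any(s["Effect"] == "Deny" and matches(s, action) for s in statements):
            return False  # an explicit Deny at any level wins
        if not any(s["Effect"] == "Allow" and matches(s, action) for s in statements):
            return False  # every level must carry a matching Allow
    return True


if __name__ == "__main__":
    for acct, act in [("log-archive", "cloudtrail:StopLogging"),
                      ("log-archive", "s3:PutObject"),
                      ("production", "ec2:RunInstances"),
                      ("production", "iam:CreateUser")]:
        print(f"{acct:12} {act:26} {'allowed' if scp_permits(acct, act) else 'blocked'}")
```

SCPs only cap what IAM policies inside a member account can grant; they confer no permissions themselves and do not restrict the management account.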

Conclusion

Our advice is to start small and expand your AWS Organization as needed. Don't try to cover every special case right from the beginning.

Avoid using your existing AWS account as the root account if it already contains workloads. Instead, begin with a fresh account free of any legacy baggage. You can still add your old account as a member of the new organisation.

If you're uncertain or need a second opinion to validate your multi-account strategy, reach out to our Professional Services team. They will expertly guide you on your journey to establishing a solid cloud foundation. While it's not a walk in the park, as the saying goes, your company will greatly benefit from applying a bit of effort to establish a well-defined multi-account strategy.
