poxrud | 1 year ago

IAM is complicated but it doesn’t have to be, as long as you keep things organized.

- Use AWS Organizations to organize your teams into Organizational Units

- Use SCP to limit permissions of the OUs.

- Let the OUs create new AWS accounts for every project/workload

- Now you have permissions and costs organized per project/workload

Don’t be afraid to create many AWS accounts; this is encouraged and considered best practice.


kikimora | 1 year ago

This! Every team and product gets an AWS account or two; this is all you need at a basic level.
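
An added example, not part of either comment above: a simplified Python model of how SCPs attached to OUs cap what the accounts beneath them can do, as in the SCP step of the first comment. The OU names, account names and policies are constructed for illustration, and only `Effect` and `Action` are modeled (no `Resource`, `Condition` or `NotAction`).

```python
from fnmatch import fnmatchcase

# Constructed sample organization: names and policies are illustrative only.
# Each node lists the SCP statements attached directly to it.
FULL_ACCESS = {"Effect": "Allow", "Action": ["*"]}
ORG = {
    "Root": {"parent": None, "scps": [FULL_ACCESS]},
    "ou-payments": {"parent": "Root", "scps": [
        FULL_ACCESS,
        {"Effect": "Deny", "Action": ["organizations:LeaveOrganization",
                                      "cloudtrail:StopLogging"]},
    ]},
    "ou-sandbox": {"parent": "Root", "scps": [
        # No FullAccess here: this OU works as an allow list.
        {"Effect": "Allow", "Action": ["s3:*", "lambda:*", "logs:*"]},
    ]},
    "acct-payments-api": {"parent": "ou-payments", "scps": [FULL_ACCESS]},
    "acct-sandbox-demo": {"parent": "ou-sandbox", "scps": [FULL_ACCESS]},
}

def _matches(patterns, action):
    # IAM action names are case-insensitive; "*" and "?" act as wildcards.
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def path_to_root(node):
    """Yield the account, then each parent OU, up to the organization root."""
    while node is not None:
        yield node
        node = ORG[node]["parent"]

def scp_permits(account, action):
    """True if the SCPs on the account and on every ancestor permit the action."""
    for node in path_to_root(account):
        hits = [s for s in ORG[node]["scps"] if _matches(s["Action"], action)]
        if any(s["Effect"] == "Deny" for s in hits):
            return False  # an explicit deny anywhere on the path wins
        if not any(s["Effect"] == "Allow" for s in hits):
            return False  # every level must carry an allow for the action
    return True

def effective(account, iam_allowed_actions, action):
    """SCPs never grant anything: an IAM policy in the account must also allow."""
    return _matches(iam_allowed_actions, action) and scp_permits(account, action)
```

Even an administrator policy (`["*"]`) inside `acct-payments-api` cannot stop CloudTrail logging, because the deny sits on the OU above the account.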