Summary: https://www.udemy.com/course/aws-certified-cloud-practitioner-new/learn/lecture/20056442

• Contents:

AWS Accounts - Best Practices

• Use AWS CloudFormation (CFN) to deploy stacks across accounts and regions in a fast, consistent and reliable way
• Security:
  • IAM guidelines: MFA, least-privilege principle, good password policy, password rotation
  • Send service & access logs to CloudWatch Logs and/or S3
  • Use AWS CloudTrail to record API calls made within your account
  • Set up AWS Config to record all resource configurations & compliance over time
  • If account gets compromised: change root user's password, delete and rotate all passwords/keys, contact AWS support
• Billing:
  • Use Tags & Cost Allocation Tags for easy management & billing
• Use AWS Trusted Advisor to get insights & Support Plan adapted to your needs
• 💡 The above applies to single accounts AS WELL AS organizations with multiple accounts. This section explores services and tools to manage more than one AWS account (multi-account environments)

Multi-Account Management in AWS

Ref: https://www.udemy.com/course/aws-certified-cloud-practitioner-new/learn/lecture/20056424

Possible Multi-Account Strategies in AWS

• Create separate accounts per department (dev, sales, HR…) or per cost center
• Create separate accounts per dev environment (DEV/TEST/PROD)
• Create separate accounts based on regulatory restrictions (using Service Control Policies or SCPs)
• Create separate accounts for better resource isolation (sometimes different VPCs is not enough)
• Create separate isolated accounts per centralized functionality (e.g. separate accounts for identities, monitoring, logging…)
• Create separate accounts to establish different per-account service limits

AWS Organizations