
AWS Shared Account Model

02 February, 2023 by Rambler

In a large organization, maintaining a separate AWS account for every line of business or application can become a complicated structure. Here is a list of lessons learnt and factors to consider when thinking about consolidating multiple lines of business or applications into one account.

There should be no compromise of any customer security controls:

  • The applications must be able to continue performing all security-related tasks, with the exception of access to the billing data.
  • MFA - would MFA access be global to the whole account, or would it be based on a role? Would the shared account be accessible by the different users?
  • IAM Roles - would there be one IAM role with access to all S3 and CloudWatch resources?
  • Alerting - are multiple email addresses possible for separate alerting?
  • Subnets - if all resources sit in one VPC, can they be split onto different subnets, thereby potentially limiting the blast radius of viewing, modifying or deleting resources?
  • Resources - would resources such as RDS be managed by a centralized team, or would access be given to the different users? For example, if there was a requirement to create an S3 bucket.
  • IAM Role - do the IAM Groups need to be combined with resource-level group permissions?
  • Compliance - what are the compliance requirements for resource separation?
  • Disaster recovery - in the event of a cross-region failover, would all resources be treated the same? For example, if relying on AWS Backup, would one vault be used or separate vaults?
  • Infrastructure as Code - can the deployment pipelines support this setup?
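A simplified model of the per-line-of-business scoping raised in the IAM Roles, Resources and billing bullets above, added here as an example and not taken from the original post or from AWS: one policy document is reused by every line-of-business role, `${aws:PrincipalTag/lob}` must match `aws:ResourceTag/lob`, and billing actions are explicitly denied. The evaluator is a constructed approximation of IAM's deny/allow order, and the tag key `lob` is an assumption.

```python
"""Simplified model of IAM evaluation for a shared-account, per-LOB policy.
Constructed example: mirrors IAM's order (explicit Deny beats Allow, no
matching Allow is an implicit Deny) but is not AWS's evaluator."""
import fnmatch

# One policy document reused by every line-of-business (LOB) role. The policy
# variable ${aws:PrincipalTag/lob} scopes it to the caller's own resources (tag key "lob" is assumed).
SHARED_ACCOUNT_POLICY = {
    "Statement": [
        {   # Work only on resources carrying the caller's LOB tag
            "Effect": "Allow",
            "Action": ["s3:*", "rds:*", "logs:*", "cloudwatch:*"],
            "Resource": "*",
            "Condition": {"StringEquals": {"aws:ResourceTag/lob": "${aws:PrincipalTag/lob}"}},
        },
        {   # Billing data stays out of every application role's reach;
            # an explicit Deny cannot be undone by a broader Allow elsewhere
            "Effect": "Deny",
            "Action": ["aws-portal:*", "ce:*", "cur:*"],
            "Resource": "*",
        },
    ],
}


def _condition_holds(condition, ctx):
    """StringEquals only, with ${...} policy-variable expansion from ctx."""
    for key, expected in condition.get("StringEquals", {}).items():
        if expected.startswith("${") and expected.endswith("}"):
            expected = ctx.get(expected[2:-1])  # e.g. aws:PrincipalTag/lob
        # A missing principal tag or resource tag never satisfies the match
        if expected is None or ctx.get(key) != expected:
            return False
    return True


def evaluate(policy, action, ctx):
    """Return "Allow" or "Deny" for one action under the request context."""
    decision = "Deny"  # implicit deny until an Allow statement matches
    for stmt in policy["Statement"]:
        patterns = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        # IAM action names are matched case-insensitively with * wildcards
        if not any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns):
            continue
        if not _condition_holds(stmt.get("Condition", {}), ctx):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"  # explicit deny wins regardless of other statements
        decision = "Allow"
    return decision
```

Tag-based conditions are only honoured by actions a service marks as ABAC-capable in the AWS Service Authorization Reference, so verify each action before relying on this pattern, and note that an untagged resource is reachable by no LOB role at all.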

Author: Rambler (http://www.dba-ninja.com)

