Account Setup (AWS)

The setup should be split into at least 2-3 AWS accounts.

The Main account will have very limited access and hold append-only resources such as audit logs and backups.

The reason is to prevent data leaks and to keep disaster recovery working.
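One way to make an audit-log bucket in the Main account append-only is an S3 bucket policy like the following. This is an added example, not part of the original setup; the bucket name example-audit-logs and the account IDs 111111111111 (Dev) and 222222222222 (Prod) are placeholders, and it assumes bucket versioning was enabled before the policy was attached, so that an overwrite creates a new version instead of replacing the old one.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "WorkloadAccountsMayOnlyWrite",
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "arn:aws:iam::111111111111:root",
          "arn:aws:iam::222222222222:root"
        ]
      },
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::example-audit-logs/*"
    },
    {
      "Sid": "NobodyRemovesOrRewritesHistory",
      "Effect": "Deny",
      "Principal": "*",
      "Action": [
        "s3:DeleteObject",
        "s3:DeleteObjectVersion",
        "s3:PutLifecycleConfiguration",
        "s3:PutBucketVersioning"
      ],
      "Resource": [
        "arn:aws:s3:::example-audit-logs",
        "arn:aws:s3:::example-audit-logs/*"
      ]
    }
  ]
}
```

The Deny statement applies to every principal, including administrators of the Main account, so a compromised Dev or Prod credential can add log objects but cannot delete them, remove earlier versions, or suspend versioning.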

Dev and Prod accounts will hold the corresponding environments. Each can consist of more than one account. If needed, an account per environment can be provisioned. This will increase costs a bit, as certain resources must be created per account, e.g. VPC, DNS zone, EKS cluster, database instances and queues.

Most of those resources can be shared between environments with little effort.