Status: LIVE

AWS Account Creation

• Never spin up services in the main 9Y AWS account. Always create a new account, using AWS Organisations.

  • Use hello+<customer>@9y.co as email

  • Never activate the root account for security reasons.

• Use role based auth to allow easy switching between AWS accounts. This should be provided to all squad members by the person creating the AWS account.

• When creating new users, give permission on a need-to-have basis, and enforce MFA.

• For long term maintenance agreements with customers, where a fairly steady load is expected, consider purchasing reserved instances to reduce costs.

• If the sub-account is being paid for using the 9Y parent account (this is the default), then you must notify PM that server costs are now accruing for the project.