AWS Account Creation

Status: LIVE

AWS Account Creation

  • Never spin up services in the main 9Y AWS account. Always create a new account, using AWS Organisations.

    • Use hello+<customer>@9y.co as email

    • Never activate the root account for security reasons.

  • Use role based auth to allow easy switching between AWS accounts. This should be provided to all squad members by the person creating the AWS account.

  • When creating new users, give permission on a need-to-have basis, and enforce MFA.

  • For long term maintenance agreements with customers, where a fairly steady load is expected, consider purchasing reserved instances to reduce costs.

  • If the sub-account is being paid for using the 9Y parent account (this is the default), then you must notify PM that server costs are now accruing for the project.

 

 

Owner

Reviewer

 

Related pages