AWS Account Creation

Status: LIVE

AWS Account Creation

  • Never spin up services in the main 9Y AWS account. Always create a new account, using AWS Organisations.

    • Use hello+<customer>@9y.co as email

    • Never activate the root account for security reasons.

  • Use role based auth to allow easy switching between AWS accounts. This should be provided to all squad members by the person creating the AWS account.

  • When creating new users, give permission on a need-to-have basis, and enforce MFA.

  • For long term maintenance agreements with customers, where a fairly steady load is expected, consider purchasing reserved instances to reduce costs.

  • If the sub-account is being paid for using the 9Y parent account (this is the default), then you must notify PM that server costs are now accruing for the project.

 

 

Owner

Reviewer

Â