
I am currently a student enrolled in an AWS course at our college, where it teaches us the basics of AWS and cloud computing. We have an activity where we are tasked to design an infrastructure diagram that is a multi-account setup and should include at least one of these sections:

Account Management

Security and Compliance

Machine Learning

Billing and Support

Now here comes my problem: I was absent during the lecture about the sections mentioned above, and because of that I am having a hard time figuring out the activity or how to start it. Don’t get me wrong, I am not asking the community to answer the activity for me, I just want to know where to start or whether there are any references/diagrams I can look at while doing the activity. I also want to learn about this because I find it enjoyable, so it would be a huge help if you could point me in the right direction!

To add more context, in our previous activity, we already designed an infrastructure that supports a global application (IDK if this is the right term, so I am sorry in advance). And for this activity, we simply have to update that previous work so that it includes the sections above. I will share with you what I’ve made previously:

I am currently learning this so it might be a little rusty here and there, so please don’t judge me!

Feel free to use my diagram and include examples in your replies, everything would help me in this!

2 Answers


  1. What you’ve already set up is a worker account, with multiple regions, so keep everything you have there.

    The question is asking you to more or less set up an Organization in AWS (see details https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tutorials_basic.html)
    Within the organisation you can create accounts, under organizational units, that exist only for particular workloads or environments. The above link describes this in far more detail, so there’s not much value summarising it.

    With regards to your specific requirement:

    • Account Management – I would say they are looking for you to set up a ‘landing’ account where the SSO occurs. This account exists for the purpose of managing policies and users, generally backed by something like Azure or similar.

    • Security and Compliance – These accounts maintain security services like GuardDuty for all the accounts within the Organization. Some workplaces also forward all CloudWatch, VPC and CloudTrail logs to this account for parsing/scanning/compliance reasons.

    • Machine Learning – Self-explanatory

    • Billing and Support – Billing is generally handled by the organization management account (see https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/consolidated-billing.html). I’m not sure what it means by ‘support’ here

    Hope that helps

  2. You may wanna refer to AWS’s documentation for this:
    https://docs.aws.amazon.com/accounts/latest/reference/using-orgs.html

    Thanks!

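As an added illustration of the layout the first answer describes (not code from either answer), this Python example models the organization as OUs and accounts, checks that every member account forwards its logs to and has GuardDuty managed from the central security account, and prints a tree to use as the skeleton of the diagram. All account and OU names are hypothetical.

```python
from dataclasses import dataclass

SECURITY = "security-tooling"  # hypothetical name of the central security account

@dataclass
class Account:
    name: str
    purpose: str
    logs_to: str = ""          # account receiving CloudTrail / VPC / CloudWatch logs
    guardduty_admin: str = ""  # account that manages GuardDuty for this member

def member(name, purpose):
    # A member account wired to the central security account.
    return Account(name, purpose, logs_to=SECURITY, guardduty_admin=SECURITY)

def build_org():
    """Constructed layout covering the four sections from the assignment."""
    return {
        "management": Account("org-management", "consolidated billing"),
        "ous": {
            "Identity": [member("landing-sso", "SSO, users and policies")],
            "Security": [Account(SECURITY, "GuardDuty and central log archive")],
            "Workloads": [member("global-app", "existing multi-region application"),
                          member("machine-learning", "ML workloads")],
        },
    }

def lint(org):
    """Return design gaps: members that bypass the central security account."""
    accounts = [a for ou in org["ous"].values() for a in ou]
    problems = []
    if SECURITY not in {a.name for a in accounts}:
        problems.append(f"no {SECURITY} account in any OU")
    for a in accounts:
        if a.name == SECURITY:
            continue
        if a.logs_to != SECURITY:
            problems.append(f"{a.name}: logs not forwarded to {SECURITY}")
        if a.guardduty_admin != SECURITY:
            problems.append(f"{a.name}: GuardDuty not managed from {SECURITY}")
    return problems

def render(org):
    """Text tree to use as the skeleton of the diagram."""
    mgmt = org["management"]
    lines = [f"{mgmt.name} ({mgmt.purpose})"]
    for ou, accounts in org["ous"].items():
        lines.append(f"  OU {ou}")
        lines += [f"    {a.name}: {a.purpose}" for a in accounts]
    return "\n".join(lines)

if __name__ == "__main__":
    print(render(build_org()))
    print(lint(build_org()) or "no gaps found")
```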