A single AWS account can manage several AWS member accounts. One pattern is to create a member account for each combination of application and environment. Benefits include:
- Consolidated billing and reporting.
- Resource limitations per account.
- It is easier to fully tear down an environment.
- Reduced blast radius in case of compromise or other unintended actions.
Member Account Creation and Setup
There needs to be a top-level management AWS root account where billing details are provided. This is the management account.
To create a new member account, a working email account must first be created.
When setting up multiple member accounts, consider
- a naming convention for the email address and the AWS account names,
- tags for querying the member accounts.
AWS Organizations →
AWS accounts →
Add an AWS Account →
Create an AWS account
If an account is created independently then billing details may have to be provided during signup.
Member Account Termination
- Login to the member account as the AWS root user.
- Review the billing breakdown and terminate all services.
- Close the account
- Login to the management account and remove the member account from the organisation.
If the member account is not closed then it cannot be detached from the management account unless it has valid billing details.