Home > Software design >  Where to create accounts in a multi OU AWS Organization
Where to create accounts in a multi OU AWS Organization

Time:10-16

I have a multi OU AWS setup with a number of member accounts, a management account and a root account. My goal here is to have a central repository of users and not create accounts across all of the member accounts.

I understand that I need to have a trust relationship between the two member accounts for cross account access. But according to best practice where is the best place to create the actual IAM groups and accounts? Should the users be created in the management account in this setup?

Any help is appreciated.

CodePudding user response:

I would say yes, if you can avoid have load in the master account you should use a management account. But it could be an ide to create a new IAM-account.

Another solution that I like is to use is AWS SSO.

Page link:https//www.codepudding.com/Softwaredesign/577370.html

Prev:AWS DynamoDB Attribute Names containing Spaces
Next:Spring JPA Async Save
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding