Crafting AWS Accounts: Applications Accounts

AWS Application Account Strategies in the Context of a Landing Zone

We build many multi-account Amazon Web Services (AWS) environments at Slalom, as is recommended as part of the AWS Well-Architected Framework. But even without that guidance, I think it’s an ideal structure for most AWS environments. I talked about several reasons for this and offered an overview of the strategy in a previous article: Crafting Secure AWS Environments: Using an AWS Multi-Account Environment.

Now, in this second article, I’ll focus on application account strategies in the context of an AWS Landing Zone.

Let’s start with a couple important Definitions:

• A service: In this article, a service is considered a workload, or a service you provide to your internal or external customers. For example, credit card payment services could consist of one or more microservices.
• An application account: In this article, an application account is used to host the deployed application and services used for that application. This is in contrast to a security account or the master account as described in the core account article.

Why multiple application accounts?