Crafting AWS Accounts: Applications Accounts
AWS Application Account Strategies in the Context of a Landing Zone
Published in
5 min readDec 9, 2020
We build many multi-account Amazon Web Services (AWS) environments at Slalom, as is recommended as part of the AWS Well-Architected Framework. But even without that guidance, I think it’s an ideal structure for most AWS environments. I talked about several reasons for this and offered an overview of the strategy in a previous article: Crafting Secure AWS Environments: Using an AWS Multi-Account Environment.
Now, in this second article, I’ll focus on application account strategies in the context of an AWS Landing Zone.
Let’s start with a couple important Definitions:
- A service: In this article, a service is considered a workload, or a service you provide to your internal or external customers. For example, credit card payment services could consist of one or more microservices.
- An application account: In this article, an application account is used to host the deployed application and services used for that application. This is in contrast to a security account or the master account as described in the core account article.