In this article, I will explain, step by step, what needs to be done to set up multiple AWS accounts with the AWS CLI. I am planning to write a series of stories on AWS multi-account deployment.

AWS Accounts

We will create the following child accounts under an AWS Organization.

security
mgmt
dev
stage
prod

Architecture

  • Create all IAM users in the security account.
  • Create dev and admin roles in the dev, stage, prod and mgmt accounts. Grant access to these roles from the security account.
  • Create policies in the security account (i.e. one policy with limited dev permissions, another policy with full admin permissions on the target accounts) that allow assuming a role in the target accounts, such as the dev role to access all other accounts (dev, stage, prod, mgmt).
  • Deploy infrastructure into the other accounts (dev, stage, mgmt, prod).
  • Deploy CI/CD in the mgmt account (Jenkins, ArgoCD, Flux etc.).
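
The two halves of the role setup described above, sketched as an added example (not code from the original article): the trust policy for a role in a target account, the matching assume-role policy for the security account, and the AWS CLI profiles that use them. The account IDs are constructed placeholders, and the profile names and the `security` source profile name are assumptions.

```shell
#!/bin/sh
# Constructed placeholder account IDs (not real accounts).
SECURITY_ID=111111111111
TARGETS="dev:222222222222 stage:333333333333 prod:444444444444 mgmt:555555555555"

# Trust policy for a role in a target account. Trusting the security account's
# root principal delegates the decision to IAM policies in that account, so a
# user there still needs assume_policy (below) attached before this works.
trust_policy() {
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::${SECURITY_ID}:root"},
    "Action": "sts:AssumeRole"
  }]
}
EOF
}

# Identity policy for the security account: allows assuming the role named $1
# in every target account, and nothing else.
assume_policy() {
  role=$1 arns="" sep=""
  for t in $TARGETS; do
    arns="${arns}${sep}\"arn:aws:iam::${t#*:}:role/${role}\""
    sep=", "
  done
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": "sts:AssumeRole",
    "Resource": [${arns}]
  }]
}
EOF
}

# ~/.aws/config stanzas for role $1 in each target account; the CLI calls
# sts:AssumeRole using the credentials of the "security" source profile.
cli_profiles() {
  for t in $TARGETS; do
    printf '[profile %s-%s]\nrole_arn = arn:aws:iam::%s:role/%s\nsource_profile = security\n\n' \
      "${t%%:*}" "$1" "${t#*:}" "$1"
  done
}
```

The JSON documents can be saved to files and passed to `aws iam create-role --assume-role-policy-document file://...` in each target account and `aws iam create-policy --policy-document file://...` in the security account. Listing explicit role ARNs in `Resource` rather than a wildcard keeps the dev policy from being usable against the admin roles.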

#security #aws #aws-cli #multi-aws

How to Setup Multi-AWS Accounts & Assume Role with AWS CLI