This article explores some advanced areas of HashiCorp's Terraform usage, focusing on how to use Terraform to manage multiple Amazon Web Services accounts. Running several accounts is increasingly common, whether forced by the sheer size of an organization or chosen deliberately by its DevOps teams. AWS itself gently pushes its customers to at least consider a multi-account setup, and it recently released new services to help them do so.
There are many reasons why an organization may want or need multiple AWS accounts. Security is one of the most common: separate accounts let you segregate resources per line of interest, for example one account per developer, per environment (development, staging, production), or per department, so that a leaked credential or a misconfiguration in one account cannot directly affect the others.
Managing security this way is certainly easier than running one giant AWS account for everything, where IAM permissions quickly become very hard to reason about. By default, separate AWS accounts have no access to each other at all: a principal in one account cannot touch resources in another unless that access has been granted explicitly, typically through an IAM role whose trust policy names the calling account (or through a resource policy on the target resource). This default-deny boundary is what makes the account a useful isolation unit, and it is also why Terraform needs a way to assume a role in each account it manages.
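The following configuration is an added example, not code from the original article, showing how that explicit cross-account grant looks in Terraform: a default provider for the account Terraform runs from, an aliased provider that assumes a role in a second account, the trust policy that role carries, and a resource that lands in the second account only because it is bound to the alias. The account ID `222222222222`, the role name `TerraformDeploy`, the management-side principal ARN, the bucket name and the `external_id` variable are all placeholders chosen for this example.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

variable "target_account_id" {
  description = "Account that receives the resources (placeholder value)"
  type        = string
  default     = "222222222222"
}

variable "management_principal_arn" {
  description = "IAM role/user in the management account that runs Terraform (placeholder)"
  type        = string
  default     = "arn:aws:iam::111111111111:role/TerraformRunner"
}

variable "external_id" {
  description = "Shared secret the trust policy requires on sts:AssumeRole"
  type        = string
  sensitive   = true
}

# Default provider: the account Terraform is executed from (the management
# account here). Credentials come from the environment, e.g. AWS_PROFILE;
# nothing is hard-coded in the configuration.
provider "aws" {
  region = "us-east-1"
}

# Aliased provider for the target account. Every API call made through it is
# preceded by sts:AssumeRole into the named role, so the default credentials
# never need any permission inside the target account themselves.
provider "aws" {
  alias  = "target"
  region = "us-east-1"

  assume_role {
    role_arn     = "arn:aws:iam::${var.target_account_id}:role/TerraformDeploy"
    session_name = "terraform"
    external_id  = var.external_id
  }
}

# Trust policy for the cross-account role: only the one principal in the
# management account may assume it, and only when it presents the expected
# ExternalId. Without this statement the target account stays closed.
data "aws_iam_policy_document" "trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "AWS"
      identifiers = [var.management_principal_arn]
    }
    condition {
      test     = "StringEquals"
      variable = "sts:ExternalId"
      values   = [var.external_id]
    }
  }
}

# The role lives in the target account, so it is created through the aliased
# provider. On the very first run this role does not exist yet; bootstrap it
# once with credentials that already have access to the target account.
resource "aws_iam_role" "terraform_deploy" {
  provider           = aws.target
  name               = "TerraformDeploy"
  assume_role_policy = data.aws_iam_policy_document.trust.json
}

resource "aws_iam_role_policy_attachment" "deploy" {
  provider = aws.target
  role     = aws_iam_role.terraform_deploy.name
  # Placeholder managed policy; in practice scope this to the services the
  # workspace actually manages instead of granting broad access.
  policy_arn = "arn:aws:iam::aws:policy/PowerUserAccess"
}

# Bound to the alias, so it is created in the target account. Resources
# without a `provider` argument go to the default (management) account.
resource "aws_s3_bucket" "artifacts" {
  provider = aws.target
  bucket   = "artifacts-${var.target_account_id}"
}
```

Two points worth checking in a real deployment: the trust policy should name a single principal and require an ExternalId rather than trusting the whole management account root, and the role's permission policy should be narrowed to what Terraform actually needs, since anyone who can run `terraform apply` from the management account effectively holds those permissions in the target account.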