Monday, 2 February 2015

AWS: how to manage authentication for multiple accounts



We have multiple AWS accounts (about 15-20), one AWS account per client that we are managing, each account having a VPC with a dedicated setup of instances. Due to regulatory requirements, all accounts need to be isolated from each other.


What is the best way to manage account credentials for these AWS accounts? The following is what I am thinking:


For any new client:



  1. Create a new AWS account

  2. Create AWS IAM roles (admin, developer, tester) for the newly created account using CloudFormation

  3. Using master AWS account, assume roles created in step 2 to access other accounts.


Is this the right approach to manage multiple accounts?


Thanks in advance.
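
An added example, not part of the original post: a Python check that the trust policy on each client-account role from step 2 lets only the master account assume it, which is what keeps the client accounts isolated from each other. The account IDs and function names are constructed placeholders.

```python
MASTER_ACCOUNT_ID = "111111111111"  # constructed placeholder, not a real account


def build_trust_policy(master_account_id):
    """Trust policy for a client-account role (admin, developer or tester)
    that only the master account may assume."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{master_account_id}:root"},
            "Action": "sts:AssumeRole",
        }],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy, master_account_id):
    """Return findings for any Allow statement that trusts something other
    than the master account; an empty list means isolation holds."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            # "*" (anyone) or a missing Principal element
            findings.append(f"non-specific principal: {principal!r}")
            continue
        for kind, values in principal.items():
            for value in _as_list(values):
                if kind != "AWS":
                    findings.append(f"unexpected {kind} principal: {value}")
                elif value == "*":
                    findings.append("wildcard AWS principal")
                else:
                    # AWS principals are ARNs or bare 12-digit account IDs
                    parts = value.split(":")
                    account = parts[4] if len(parts) > 4 else value
                    if account != master_account_id:
                        findings.append(f"trusts foreign account {account}")
    return findings
```

Running the audit over the `AssumeRolePolicyDocument` of every role in every client account gives a repeatable isolation check as new accounts are added.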

