Don’t be afraid to create as many accounts as needed in order to segregate our resources and manage permissions efficiently. There’s little to no incremental cost for AWS accounts.
Very often we tend to use only one or two accounts, like Production and the rest of the environments in the other one, which leads to very common mistakes that can impact other tasks like Business Support, QA, and development.
Even having a playground account for holding our company’s hackathons and non-business activities is a great idea, as it leads to healthier resource management. Here are some best practices for designing a healthy account management plan.
Design an Effective Tagging Policy
An effective tagging policy will provide our organization with increased granularity visibility and management over our allocated resources but it will require standardization and grouping into categories.
The following tag categories can help us achieve these goals:
- Environment – Distinguishes between development, test, and production infrastructure.
- Application – Identifies resources that are related to a specific application for easy tracking of spend change and turn-off at the end of projects.
- Cost Center/Business Unit – Identifies the cost center or business unit associated with a resource, typically for cost allocation and tracking.
- Owner – Used to identify who is responsible for the resource.
- Project – Identifies resources that are related to specific projects or new developments.
Enforcement of tagging during resource creation, will help our organization maintain a solid cost profile. There are 2 types of tagging policies:
- Soft: Users who create a resource without proper tagging are notified through email, nevertheless the creation is allowed
- Hard: Users are unable to create resources without proper tagging (Best practice)
Another recommended strategy regarding tagging is to have a list of fixed values each tag can take in order to avoid typos or multiple values for the same type of resource (for example: DataLake, data-lake, dataLake).
Enable Cost Allocation Tags
Jorge Goldman
