1

An infrastructure (including both dev and prod environments) for an application has been made on an AWS account; it is quite big and includes 15 instances,... Now, we're gonna make a new infrastructure for another application. I would like to know if it's better to create another AWS account for the new project. What would be the advantages?

Although I would have preferred to have a separate account for each environment rather than for each project, the first project is made completely on one account, so I think the only better way is to at least create another AWS account for the new project.

Plus, in any case, is there any easy way to transfer the production env to another account in order to separate the environments?

Any suggestion would be appreciated.

Matrix

2 Answers

1

I'm not sure as to the circumstances in your case but I imagine having a separate account for each environment does give you more control and less room for error.

If you're working alone, try to determine for yourself whether the effort is worth it. Should you be part of a team or even leading a team, if someone has access to the 'global' AWS account with both the development and production instances, errors can easily be made. If you're consuming the AWS API for example and terminate the wrong instance... Food for thought.

Another reason would be that you will need to become very, very granular with your IAM roles should you wish to work with a global account with each environment in it to keep some level of control.

Lastly, CloudWatch will give you nice detailed reports on how your instances are doing and when you have all environments in their respective AWS accounts, it becomes a quick way to see which servers are operating in which fashion. If all your environments are in the same account, this can become quite confusing as to which instances are production / development.

TLDR, it is good practice to split up the different environments to keep a higher level of control and overview.

Tom Nijs
  • 2
    Good answer, I would also add to that the fact AWS accounts have certain **limits** detailed on [the official documentation](https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html). Keeping the accounts separate for different stages of the application (beta, gamma, prod etc.) will ensure those limits are approached slower. – Selçuk Cihan Oct 17 '18 at 18:45
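
Added example, not part of the original answers: a sketch of the kind of granular IAM policy a shared account needs so that a developer role cannot stop or terminate production instances. It assumes every instance carries an `Environment` tag with values such as `dev` or `prod`; the tag key, its values and the `Sid` names are illustrative assumptions.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowLifecycleOnDevInstancesOnly",
      "Effect": "Allow",
      "Action": [
        "ec2:StartInstances",
        "ec2:StopInstances",
        "ec2:RebootInstances",
        "ec2:TerminateInstances"
      ],
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringEquals": { "aws:ResourceTag/Environment": "dev" }
      }
    },
    {
      "Sid": "DenyChangingTheEnvironmentTag",
      "Effect": "Deny",
      "Action": [
        "ec2:CreateTags",
        "ec2:DeleteTags"
      ],
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "ForAnyValue:StringEquals": { "aws:TagKeys": ["Environment"] }
      }
    }
  ]
}
```

The second statement matters as much as the first: without it, a principal could re-tag a production instance as `dev` and then act on it. With one account per environment, the account boundary provides this separation and the tag discipline is no longer the only control.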
0

Today (I know I'm answering a very old question), AWS makes it easy and very useful to group accounts into Organizations.

For a big setup, this means you can consolidate billing, reservations and other reductions, as well as many security and compliance aspects, while keeping each account operationally separate. While it may be some overhead for a small setup it will be less overhead than trying to keep separate two development teams that are using one account, and extra costs are small to none.

In short, there are a number of very significant advantages and as far as I can see no significant downsides to separating different spheres of responsibility into different accounts.

Law29