[mishftw]

My org (250-500 employees -- most in manufacturing) has 5 AWS accounts.

We have dev/staging/prod and then a master account used for organization management & consolidated billing. Just stood one up today for another department too.

I implemented SSO recently and am exploring the idea of giving each developer (we have a small team) their own lab account to standup whatever they need. Right now we have folks sometimes overwriting work in the dev account.

When I joined we had 3 accounts (staging/prod/payer) but slowly as we build real DevOps process its sorting itself out.

The rational for having different accounts across different departments - it helps with billing and ensuring the correct department pays for their share of AWS usage. Also better access control with Single Sign On & added benefit of reducing spillover effects from improper access/actions.