by akos-kri
1547 days ago
Hey, author of the post here! To manage our AWS accounts we use:

- AWS SSO hooked up to our Google Workspace: so no AWS access keys exist, everyone has only short-lived credentials (e.g. 24 hours) to access their AWS account.
- AWS Organization with consolidated billing: all our bills roll up into one nice invoice!
- AWS Control Tower: allows us to deploy guardrails and policies to keep all our AWS accounts secure. We also have a centralized Audit AWS account where all CloudTrail logs are routed.
- AWS Account Factory: to create new AWS accounts that are automatically enrolled and created as part of the right Org Unit.
- AWS CloudFormation StackSets: allows us to deploy custom resources to everyone's AWS accounts. Right now we use this to deploy custom roles that can be assumed by developers.

Hope that answers your question!