Basic organization - Organizing Your AWS Environment Using Multiple Accounts

Basic organization

The following example incorporates a security tooling environment for common security services, a second workload, and support for sandbox and development environments. Additions include:

  • A Sandbox OU to contain a series of disconnected sandbox environment accounts.

  • An additional workload in the form of workload-b-prod, workload-b-test, and workload-b-dev accounts.

  • A Dev OU under the Workloads OU to contain development environment accounts associated with the workloads.

[Figure: Example basic organization with multiple workloads]

Basic organization with infrastructure services

This example includes support for common infrastructure resources. The additions include:

  • An Infrastructure OU containing a Prod OU, and its accounts.

  • A network-prod account to contain resources required to connect VPCs in the workload accounts to your on-premises network. For example, AWS Transit Gateway, AWS Site-to-Site VPN, and AWS Direct Connect resources.

  • A shared-infra-prod account to contain common shared infrastructure services to be used by other accounts. For example, Amazon Route 53 resolver endpoints.

[Figure: Example basic organization with infrastructure services]

Basic organization with CI/CD as a separate function

This example incorporates support for CI/CD resources that are used to validate changes to their respective workloads and automate deployments to the test and production workload environments. The additions include:

  • A Deployments OU and a child Prod OU.

  • A set of workload-a-cicd-prod and workload-b-cicd-prod accounts to contain the production-quality CI/CD resources for each of the respective workloads.

[Figure: Example basic organization with CI/CD]
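The three layouts above imply a placement rule for every account. The following check is an added example, not part of the original guidance or any AWS tooling: it flags accounts that sit in the wrong OU and would therefore inherit the wrong guardrails. The Workloads/Prod and Workloads/Test paths, the `sandbox-` naming prefix, and the sample inventory are assumptions.

```python
# Expected OU paths from the layouts on this page. "Workloads/Prod" and
# "Workloads/Test" are assumptions: the page names only the Dev child OU.
EXPECTED_OUS = {
    "Sandbox",
    "Workloads/Prod", "Workloads/Test", "Workloads/Dev",
    "Infrastructure/Prod",
    "Deployments/Prod",
}

# Top-level OU for each kind of account, keyed by name pattern; first match wins.
# Patterns follow the account names used on this page.
PLACEMENT_RULES = [
    (lambda n: n.endswith("-cicd-prod"), "Deployments"),
    (lambda n: n in ("network-prod", "shared-infra-prod"), "Infrastructure"),
    (lambda n: n.startswith("sandbox-"), "Sandbox"),  # hypothetical naming
    (lambda n: n.startswith("workload-"), "Workloads"),
]

def check_placement(inventory):
    """Return (account, ou_path, reason) for every misplaced account."""
    findings = []
    for name, ou_path in inventory:
        if ou_path not in EXPECTED_OUS:
            findings.append((name, ou_path, "unknown OU"))
            continue
        top, _, leaf = ou_path.partition("/")
        expected = next((ou for match, ou in PLACEMENT_RULES if match(name)), None)
        if expected is None:
            findings.append((name, ou_path, "no placement rule"))
        elif expected != top:
            findings.append((name, ou_path, f"expected under {expected}"))
        elif leaf and not name.endswith("-" + leaf.lower()):
            # A dev or test account in a Prod OU inherits production policies.
            findings.append((name, ou_path, f"suffix does not match {leaf} OU"))
    return findings

# Constructed sample inventory: (account name, OU path), two entries misplaced.
SAMPLE = [
    ("workload-b-prod", "Workloads/Prod"),
    ("workload-b-test", "Workloads/Test"),
    ("workload-b-dev", "Workloads/Dev"),
    ("network-prod", "Infrastructure/Prod"),
    ("shared-infra-prod", "Infrastructure/Prod"),
    ("workload-a-cicd-prod", "Deployments/Prod"),
    ("workload-b-cicd-prod", "Workloads/Prod"),  # CI/CD account outside Deployments
    ("workload-a-dev", "Workloads/Prod"),        # dev account in a Prod OU
    ("sandbox-1", "Sandbox"),
]

if __name__ == "__main__":
    for finding in check_placement(SAMPLE):
        print(finding)
```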