AWS Account Structure Series

Complete 8-part guide

  1. The Multi-Account Journey - Why Structure Matters

    Part 1: Why organisations move from a single AWS account to a proper multi-account setup, and the three infrastructure repos that enable it.

  2. AWS Organizations - The Foundation of Multi-Account

    Part 2 of the AWS account structure series. Setting up AWS Organizations, the bootstrap chicken-and-egg problem, and creating the account hierarchy.

  3. Security Foundations - CloudTrail, Config, and Password Policies

    Part 3: Setting up the security baseline with CloudTrail audit logging, AWS Config compliance monitoring, and password policies.

  4. Solving the State Problem - Terraform Backend Bootstrap

    Part 4 of the AWS account structure series. The chicken-and-egg problem of Terraform state storage, and how to bootstrap an S3 backend with DynamoDB locking.

  5. Keyless CI/CD with GitHub Actions OIDC

    Part 5 of the AWS account structure series. Eliminating long-lived AWS credentials by using GitHub Actions OIDC for secure, keyless authentication.

  6. IAM Identity Center - Why It Replaces IAM Users

    Part 6 of the AWS account structure series. Setting up AWS IAM Identity Center for human access, understanding the identity store, and why it's the recommended approach over IAM users.

  7. Permission Sets - Designing Access Patterns

    Part 7 of the AWS account structure series. Creating permission sets in IAM Identity Center with managed policies, inline policies, and appropriate session durations.

  8. Cross-Account Access Patterns - Deployment Roles and Role Chaining

    Part 8 of the AWS account structure series. Designing cross-account deployment roles, understanding role chaining, and implementing external ID protection.