Appendix A: Relation to AWS Well-Architected
AWS Well-Architected
The best practices for organizing your AWS environment addressed in this guide augment and support the best practices represented in the following sections of the Well-Architected pillars.
Operational Excellence Pillar
- Organization - Operating Model – Use of multiple AWS accounts and OUs enables you to support multiple operating models within a common overall AWS environment.
- Prepare – Mitigate Deployment Risks – Use of separate AWS accounts for deployment-oriented operations helps secure those operations and isolate them from the targeted test and production workload environments.
Security Pillar
- Security Foundations - AWS Account Management and Separation – Use of separate accounts for your test and production workloads helps maintain isolation between those environments.
- Identity and Access Management – Identity Management – Use of a centralized identity provider and federated access helps you more efficiently manage human access across your accounts.
- Identity and Access Management – Permissions Management – You can define permission guardrails for your AWS environment and provide least privilege access to identities that need access to your accounts.
- Configure service and application logging (SEC04-BP01) – Your security operations team can benefit from the centralization of logs generated across your accounts in support of analysis and detection requirements.
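As an added illustration of the permission-guardrail and centralized-logging points above (this is example content, not a policy from the guide or from AWS), the following service control policy (SCP), attached to a workload OU, caps what any identity in the member accounts can do: it prevents trails from being stopped, deleted or altered except by an assumed organization-wide logging administration role (the role ARN is a placeholder), and it prevents an account from leaving the organization. The SCP mechanism and the role name are assumptions, not stated on this page.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ProtectCentralizedCloudTrailLogging",
      "Effect": "Deny",
      "Action": [
        "cloudtrail:StopLogging",
        "cloudtrail:DeleteTrail",
        "cloudtrail:UpdateTrail",
        "cloudtrail:PutEventSelectors"
      ],
      "Resource": "*",
      "Condition": {
        "ArnNotLike": {
          "aws:PrincipalArn": "arn:aws:iam::*:role/PLACEHOLDER-ORG-LOGGING-ADMIN-ROLE"
        }
      }
    },
    {
      "Sid": "PreventLeavingOrganization",
      "Effect": "Deny",
      "Action": "organizations:LeaveOrganization",
      "Resource": "*"
    }
  ]
}
```

An SCP only restricts the maximum permissions available in member accounts; it grants nothing by itself, does not apply to the management account, and least-privilege IAM policies are still needed inside each account.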
Reliability Pillar
- Foundations - Manage Service Quotas and Constraints – By isolating workloads in their own accounts, you can more easily manage service quotas for those workloads.
Cost Optimization Pillar
- Practice Cloud Financial Management – Cost-Aware Processes – You should build in cost awareness from the start of your cloud adoption journey.
- Expenditure and Usage Awareness – Governance – Your account structure can help you isolate different workloads for fiscal and billing purposes.
- Expenditure and Usage Awareness – Monitor Cost and Usage – Since costs are allocated by default at the account level, you can distinguish costs across accounts.