...
Recommendations
The following should be considered as some best practices for account strategy and be adapted to meet the organizational needs:
- Develop and enforce common tagging practices which meet minimum requirements for billing and chargeback
- Implement a consolidated single master account which provides billing consolidation and reporting across all institutional units (sub-accounts)
- Define a sub-account creation policy based on specific requirements for isolation or delegation as per governance and security requirements; initially it is recommended to segregate based on operating environment (i.e., production vs. non-production)
- Consider additional VPCs as boundaries for workloads that require specialized controls
- Leverage a common services model using VPC peering to minimize duplication of resources across accounts
Anchor PSU IAM SAML Provisioning PSU IAM SAML Provisioning
AWS Provisioning and IAM Roles at Penn State
| PSU IAM SAML Provisioning | |
| PSU IAM SAML Provisioning |
In AWS an account owner provisions users who will have access to the AWS console. Using AWS Identity and Access Management (IAM) roles with specific levels of permissions can be assigned to users by the account owner.
...