1 Answer
- Newest
- Most votes
- Most comments
2
Hello.
If you are managing multiple AWS accounts with AWS Organizations, I think it is a good idea to create a CloudFormation template and create AWS resources in each AWS account using a stack set.
By doing this, even if there are changes to resource settings, etc., you can complete the work by just using the management account instead of having to work on each AWS account one by one.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-concepts.html
Relevant content
- Accepted Answerasked 2 years ago
- asked 2 months ago
- asked 2 years ago
- AWS OFFICIALUpdated 2 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 23 days ago
- AWS OFFICIALUpdated 8 months ago
But, will everything be compromised with root account password ? If suppose someone cracks the root organization password. Will they be able to do malicious activities in other accounts by updating the resource setting?
Ensure that you have 2FA set for the root account, preferably with a hardware device that you keep secure (in a safe or such).
Can we do in some de-centralized way such that users must setup the architecture and run it in their AWS accounts. Root user is only responsible to pay the bills of the accounts in the organization and nothing else.