@John-Vandervliet said in AWS Separate Accounts:
Hello, I've gone through the AWS classes and I had started implementing this in a test instance for AWS. I then ran across the IAM example in the Amazon docs that split Dev/Test and Production into separate AWS accounts and gave devs access to the prod account. My question is: has anyone actually done this, and to what advantage?
Here is Don's reply to your question:
It is possible, but it is the old way of doing things. IAM is much more mature than it used to be, so it is no longer necessary to use multiple AWS accounts. Before AWS advanced, you would use multiple root accounts to limit access to resources within the different environments. Now, you only need separate AWS root accounts if you want to allow each environment to have its billing managed independently. Instead, you can use IAM access policies and VPCs to restrict the environments all from within a single account and provision IAM identities for each user/group. The only real-world example where I would use multiple AWS accounts is in the case of contractors who already have their own accounts.
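
One way to express the single-account separation described in the reply above, as an added example that is not part of the original thread or Don's own configuration. It assumes a tag key named `Environment` (values such as `dev`, `test`, `prod`) is applied both to EC2 instances and to IAM users or roles; the tag key and the statement IDs are illustrative choices.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowLifecycleInOwnEnvironment",
      "Effect": "Allow",
      "Action": [
        "ec2:StartInstances",
        "ec2:StopInstances",
        "ec2:RebootInstances"
      ],
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/Environment": "${aws:PrincipalTag/Environment}"
        }
      }
    },
    {
      "Sid": "DenyChangingEnvironmentTag",
      "Effect": "Deny",
      "Action": [
        "ec2:CreateTags",
        "ec2:DeleteTags"
      ],
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "ForAnyValue:StringEquals": {
          "aws:TagKeys": ["Environment"]
        }
      }
    },
    {
      "Sid": "AllowReadOnlyDescribe",
      "Effect": "Allow",
      "Action": "ec2:Describe*",
      "Resource": "*"
    }
  ]
}
```

The first statement only matches when the instance's `Environment` tag equals the caller's own, so an identity tagged `dev` cannot stop a `prod` instance. The explicit deny on retagging is what keeps that boundary from being bypassed by relabelling an instance.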