Every company has an "old" production AWS account
I like to joke that every company has an “old prod” AWS account.
In my experience working with different companies on AWS, there’s always a point where they end up migrating their entire production infrastructure to a new AWS account.
They usually migrate because they find it’s bad practice to use their root AWS account for production workloads. When companies are in the startup phase, they create their root AWS account and put everything in it. Later on, it might become necessary for the company to have SOC 2 certification. The audit and security requirements of such certifications call for locking down the root AWS account.
It is an expensive and painful migration from the root AWS account to a new production account. I’ve seen it at Venmo and Flex.
If you’re starting today, I highly recommend setting up AWS Organizations and creating a sub-account under your root account for your production workloads. This will save you potentially hundreds of thousands to millions of dollars in migration costs down the line.
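One way to set this up with Terraform, as an added example that is not from the original post: it creates the organization, an organizational unit, and a production member account, plus a guardrail policy that keeps the member account from leaving the organization. The OU name, account name, e-mail address, and the guardrail itself are assumptions chosen for illustration.

```hcl
# Apply with credentials for the original (root/management) account.
# All names and the e-mail address below are constructed placeholders.
terraform {
  required_providers {
    aws = { source = "hashicorp/aws" }
  }
}

resource "aws_organizations_organization" "this" {
  feature_set          = "ALL" # required for service control policies
  enabled_policy_types = ["SERVICE_CONTROL_POLICY"]
}

resource "aws_organizations_organizational_unit" "workloads" {
  name      = "workloads"
  parent_id = aws_organizations_organization.this.roots[0].id
}

# The dedicated production account, separate from the root account.
resource "aws_organizations_account" "prod" {
  name      = "prod"
  email     = "aws-prod@example.com" # must not be used by any other AWS account
  parent_id = aws_organizations_organizational_unit.workloads.id
  role_name = "OrganizationAccountAccessRole" # admin role assumable from the root account

  lifecycle {
    prevent_destroy = true # a plan that would close the account fails instead
  }
}

# Guardrail (an assumption, not from the post): member accounts in the OU cannot detach themselves.
resource "aws_organizations_policy" "deny_leave" {
  name = "deny-leave-organization"
  type = "SERVICE_CONTROL_POLICY"
  content = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid      = "DenyLeaveOrganization"
      Effect   = "Deny"
      Action   = "organizations:LeaveOrganization"
      Resource = "*"
    }]
  })
}

resource "aws_organizations_policy_attachment" "workloads" {
  policy_id = aws_organizations_policy.deny_leave.id
  target_id = aws_organizations_organizational_unit.workloads.id
}
```

Service control policies do not apply to the management account itself, which is one more reason to keep production workloads out of it.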
Does your company have an “old prod”? Hit reply and let me know if this resonates with you.