Setup AWS Organizations

As a best practice, it is recommended to have sub-prod and prod environments in a separate AWS accounts. This solves multiple problems, but also causes some complexities as listed below.

1. How to create a hierarchy of AWS Accounts using AWS Organizations?
2. Where should the hosted zones for domain names be provisioned?
3. How will the requests be correctly redirected to sub-prod and prod environments, when hosted zones are being managed at a single place?
4. How to control developer access on prod to avoid accidental changes?
5. How to implement Terraform IaC pipelines to roll out changes for testing only in sub-prod environment? How to tackle access controls required by pipelines?
6. How to develop Terraform IaC to comprehensively contain common and environment specific code?

In this post, we will focus on the first point. The rest of the points deserve a post individually. This, and few more posts which follow, are important for anyone who is looking forward to get started with SaaS development on AWS, as it lays the tracks for smooth development operations — did I say DevOps?

Creating separate AWS accounts individually can be a cumbersome task in the long run. For example, we have to individually manage the billing for each account every…