AWS Accounts

Accounts that are not Accounts!

Coming from an Azure-focused background, having worked on it for over 2 years, I thought working on AWS would be simple, as the two have many of the same services and are quite closely aligned. But even though I had worked with AWS in the past, I initially had a little trouble getting my head around one particular term: AWS Accounts!

When you receive AWS account details, you wouldn’t be too wrong in thinking that the account is what you log in with, i.e. credentials such as a username and password, just like the everyday accounts you already know, such as the user account on your laptop or an account on LinkedIn, right?

What I came to find, and I hope this helps anyone else new to AWS, is that an Account in AWS has nothing to do with your login credentials. To log in you need either the root account, an IAM user, or an IdP (Identity Provider) user account (more on these another time).

An AWS account is actually a container in which you deploy AWS services such as EC2, S3 and many more, and in which you manage access and networking, i.e. IAM, VPCs and security groups. This container concept lets you run many AWS accounts without them affecting each other: for example, you can have sandbox, dev and production accounts for your different workloads, each isolated from the others.

It doesn’t stop there: you can segregate access to these different accounts so users can make changes only in the accounts they are authorised for, and you get segregation of billing and governance as well.

Lastly, if you hear the phrase “switch AWS accounts”, this means switching between these different environments, NOT switching your user account, and you can only do it if you have been granted permission in the other AWS account!
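That permission lives in the other account: the role you switch into carries a trust policy that names which accounts (or which principals in them) may assume it. As an added example that is not part of the original post, the Python below reads such a trust policy and lists the accounts it lets in, so you can see exactly who is allowed to "switch" into a role you own. The trust policy and the account IDs in it (111122223333, 444455556666, 999999999999) are constructed placeholders, and the function names are my own, not an AWS API.

```python
"""Added example: list which AWS accounts a role's trust policy lets in.

Assumptions (not from the original post): the trust policy document is
already in hand as JSON (for example, copied from the IAM console), and
the account IDs used below are constructed placeholders, not real accounts.
"""
import json
import re

# A bare 12-digit account ID, or an IAM ARN whose account field we can read.
_ACCOUNT_ID = re.compile(r"^\d{12}$")
_ARN_ACCOUNT = re.compile(r"^arn:aws[a-z-]*:iam::(\d{12}):")


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def account_of_principal(principal: str):
    """Return the account ID named by an AWS principal string, or None for wildcards."""
    if principal == "*":
        return None
    if _ACCOUNT_ID.match(principal):
        return principal
    m = _ARN_ACCOUNT.match(principal)
    return m.group(1) if m else None


def accounts_allowed_to_assume(trust_policy: dict) -> dict:
    """Summarise who can sts:AssumeRole into the role that owns this trust policy.

    Returns {"accounts": set of account IDs, "wildcard": bool}; wildcard is True
    when an Allow statement trusts every AWS principal ("*" or "AWS": "*").
    Only Allow statements granting sts:AssumeRole are counted; federated (IdP)
    principals are a different login path and are left out of the account list.
    """
    accounts = set()
    wildcard = False
    for stmt in _as_list(trust_policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal")
        if principal == "*":
            wildcard = True
            continue
        if not isinstance(principal, dict):
            continue
        for p in _as_list(principal.get("AWS", [])):
            if p == "*":
                wildcard = True
                continue
            acct = account_of_principal(p)
            if acct:
                accounts.add(acct)
    return {"accounts": accounts, "wildcard": wildcard}


def foreign_accounts(trust_policy: dict, own_account: str) -> set:
    """Accounts other than our own that can switch into this role."""
    return accounts_allowed_to_assume(trust_policy)["accounts"] - {own_account}


# Constructed sample trust policy: two partner accounts trusted for AssumeRole
# (one by root ARN, one by a specific role ARN), a third by bare account ID
# with an ExternalId condition, and a SAML provider for federated sign-in.
SAMPLE_TRUST_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Principal": {"AWS": ["arn:aws:iam::444455556666:root",
                           "arn:aws:iam::111122223333:role/Deployer"]},
     "Action": "sts:AssumeRole"},
    {"Effect": "Allow",
     "Principal": {"AWS": "999999999999"},
     "Action": "sts:AssumeRole",
     "Condition": {"StringEquals": {"sts:ExternalId": "constructed-example-id"}}},
    {"Effect": "Allow",
     "Principal": {"Federated": "arn:aws:iam::111122223333:saml-provider/ExampleIdP"},
     "Action": "sts:AssumeRoleWithSAML"}
  ]
}
""")

if __name__ == "__main__":
    summary = accounts_allowed_to_assume(SAMPLE_TRUST_POLICY)
    print("Accounts that can assume the role:", sorted(summary["accounts"]))
    print("Trusts every AWS principal:", summary["wildcard"])
    print("Accounts other than our own (111122223333):",
          sorted(foreign_accounts(SAMPLE_TRUST_POLICY, "111122223333")))
```

Running it against the sample prints the three trusted accounts and shows that only 444455556666 and 999999999999 are outside our own account; a trust policy that allows `"AWS": "*"` comes back with `wildcard` set, which is the one result worth stopping on during a review.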

Summary:

  • AWS Accounts are NOT any type of user accounts
  • AWS Accounts are like Azure Subscriptions
  • Benefits of AWS Accounts are segregation of environments

Hope this has helped and if you have any questions or anything to add please comment below 🙂