sectornitad

Reputation: 981

AWS Consolidated Billing and multiple accounts in AWS

I will be hosting infrastructure for several different clients. Complete, total, 100% separation of clients' AWS infrastructure is necessary (legal etc.). So I need some advice on how best to structure my accounts.

I will have a master account with MFA. It will not actually ever spin up any infrastructure. It is merely to be a top-level billing account. Then each client will have their own separate AWS account, with I guess a separate root login and separate MFA. Each client account will be linked to the Master account for consolidated billing. This is neat because if they move their business elsewhere then we just give them the IAM details for the account and strike it off from Master and we are done.

What I am not sure of is that to set up a brand new AWS account you need a unique email account. We don't want the client to ever have to first set up the account, so do we need to have a whole bunch of email aliases to use on our company domain ([email protected], [email protected] etc) and then use them to set up new AWS accounts? Is there a better way than this? It could get pretty clunky to have to have a new email alias every time a new client joins.

Second, will we need a box full of MFA devices - one for each account, or will the same device work for all accounts?

Any pointers gratefully received. Thanks

Upvotes: 1

Views: 2558

Answers (2)

Garreth McDaid

Reputation: 2613

You mention consolidated billing in your question title, but not in your question.

Beware the following re. consolidated billing:

If you purchase reserved instances for one client, the benefit of that will be shared with all your clients, so your costs will be out of sync.

If you plan to re-charge your clients, and you want to use reserved instances, don't use consolidated billing.

As for your question:

https://support.google.com/mail/answer/12096?hl=en

Most email platforms support some form of aliasing.

You may also be interested in

http://www.nightbluefruit.com/blog/2014/02/command-line-tool-for-checking-status-of-instances-in-amazon-ec2/

Upvotes: 1

Eric Hammond

Reputation: 22407

If you have a Gmail address like [email protected], then you can register AWS accounts using email addresses like:

[email protected]
[email protected]
[email protected]

and all the emails will go to your same Gmail account. You could auto-forward from Gmail to another address.

This also works for Google Apps email addresses, if you are using that to host your company email.

Instead of physical MFA devices, you can use the Google Authenticator app on an Android or iPhone with one entry for each customer AWS account.

Upvotes: 4
