Managing clients in AWS

Question

I have a software business and different unrelated customers. I manage their servers and other services on their own AWS accounts. Each has its own.

I'd like to simplify the management by having a root aws account of my company, and link different accounts to it with different payment methods. In most cases, clients use their own payment method..

What is the best way to achieve this?

Answer 1

There are 2 scenarios:

1. Clients pay for their own account: Create a cross account role in each of your customer's account that gives access to your account to do things in their account. Take a look at this tutorial - https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html#tutorial_cross-account-with-roles-3 . You will be able to use the cross account role to gain access to their account from your account by switching to their account from console. Take a look at the steps here - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-console.html
2. You pay for all the clients: In this case you can use AWS organizations in your account and add the accounts of your customer's to it. You will also need to create cross account role like in step1 so that you have access to do things in their account. This will allow to to have a single consolidated bill for all the accounts while you still get the bifurcated billing details of each account. Take a look at the tutorial here: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_tutorials_basic.html