Wunderbread

Reputation: 1070

Does the concept of Google Cloud projects exist within Amazon Web Services?

I am familiar with using Google Cloud projects (https://cloud.google.com/resource-manager/docs/creating-managing-projects), which allow me to isolate my dev, staging, and production environments. Is there a similar concept in AWS?

If I want to test something out and not worry about impacting anything production-related, should I create another AWS account outside of the production account?

Upvotes: 0

Views: 321

Answers (1)

odenS0n

Reputation: 189

It seems like you have a couple of options here; thoughts are detailed below. You could also mix and match these strategies (for example, dev & staging in the same account and prod in an isolated account).

Separate Accounts Per Environment

Create one account per application environment. If you need a bridge between your accounts, you can always connect them using VPC peering. You could also use AWS Organizations in this case to centralize management and billing for your accounts, should you desire. This would likely be the easiest approach if your primary concern is isolating environments.

Same Account For All Environments

Your other option is to run your application environments out of the same account. In this case you could bake the application environment into either the service name or the tags of your AWS resources. To protect the boundary between environments, it would depend on your application stack. For example, IAM-based permissions can be restricted based on a number of conditions. It gets a bit trickier if your application has permissions evaluations outside IAM. In that case you could always separate your environments into different VPCs within your account and base permissions on IP CIDRs.

Hopefully this helps. Good luck!

Upvotes: 1
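One way to express the same-account option from the answer above as an IAM identity policy, added here as an example and not part of the original answer. It assumes a tag key named `Environment` (a hypothetical convention) set on both the IAM principal and the EC2 instances, and uses EC2 lifecycle actions only as a sample scope.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleAllowInstanceLifecycleInOwnEnvironment",
      "Effect": "Allow",
      "Action": [
        "ec2:StartInstances",
        "ec2:StopInstances",
        "ec2:RebootInstances"
      ],
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/Environment": "${aws:PrincipalTag/Environment}"
        }
      }
    },
    {
      "Sid": "ExampleDenyChangingEnvironmentTag",
      "Effect": "Deny",
      "Action": [
        "ec2:CreateTags",
        "ec2:DeleteTags"
      ],
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "ForAnyValue:StringEquals": {
          "aws:TagKeys": ["Environment"]
        }
      }
    }
  ]
}
```

The second statement matters because a tag-based boundary only holds if principals cannot retag a resource into their own environment. Not every AWS service or action supports authorization on resource tags, so check each service's supported condition keys before relying on this within a single account.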
