We would generally recommend that you split your account and leverage a multi-account strategy if you have both dev/QA and prod deployments.
This is especially true if you have a sensitive workload with critical data, and have a team of developers for whom you want proper access control.
While there is no golden rule here, I would generally say that if your monthly spend is more than 1k, you should seriously consider using multi-account.
+ Set up account-level (strongest) boundaries for your Dev and Prod workloads, reducing the blast radius of a bad deployment or a compromised account.
+ Ability to apply policies to each account if using AWS Organizations.
+ Federate access to each account for multiple developers, and the ability to impose the strongest protection preventing changes to the production environment.
- You might need to share resources in the future; there might be a slight administrative overhead in configuring that, and a small cost for, let's say, a Transit Gateway or VPC peering or data transfer, etc.
- You might want to aggregate logs like CloudTrail etc., which could potentially cost a little bit more. Some setup using Organizations and/or Control Tower is strongly recommended.
- If you want to have a CI/CD pipeline, special consideration is needed to have a cross-account role for deployments. Pretty easy to do, but not as easy as one account. Also, for things like Identity Federation you do have to create and apply roles to each account (AWS SSO can help).
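The cross-account deployment role mentioned in the last point is governed by its IAM trust policy. As an added example (not part of the original answer and not AWS-provided code), the following Python audits such a trust policy and contrasts a weak version with a hardened one; the account ID, the role name `ci-pipeline` and the function names are constructed for illustration.

```python
import re

# Constructed account ID and hypothetical role name, for illustration only.
TOOLING_ACCOUNT = "111111111111"
PIPELINE_ROLE = f"arn:aws:iam::{TOOLING_ACCOUNT}:role/ci-pipeline"

# Weak: trusting the account root delegates the decision to the tooling
# account, so any identity there granted sts:AssumeRole can deploy to prod.
WEAK_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": f"arn:aws:iam::{TOOLING_ACCOUNT}:root"},
    "Action": "sts:AssumeRole",
}]}

# Hardened: only the pipeline's own role may assume the prod deploy role.
HARDENED_TRUST = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow",
    "Principal": {"AWS": PIPELINE_ROLE},
    "Action": "sts:AssumeRole",
}}

ACCOUNT_WIDE = re.compile(r"^(\d{12}|arn:aws:iam::\d{12}:root)$")
ASSUME_ACTIONS = {"sts:assumerole", "sts:*", "*"}

def _as_list(value):
    # IAM allows a single value or a list for Statement, Action and Principal.
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, allowed_principals):
    """Return (kind, principal) findings for Allow statements on sts:AssumeRole.
    Scope: Principal/Action only; NotPrincipal, NotAction and Condition
    keys are not evaluated."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & ASSUME_ACTIONS:
            continue
        principal = stmt.get("Principal", {})
        names = ["*"] if principal == "*" else [
            p for v in principal.values() for p in _as_list(v)]
        for name in names:
            if name == "*":
                findings.append(("wildcard", name))
            elif ACCOUNT_WIDE.match(name):
                findings.append(("account-wide", name))
            elif name not in allowed_principals:
                findings.append(("unexpected", name))
    return findings
```

Running `audit_trust_policy` over the trust policies of every role in the production account, with the pipeline role as the only allowed principal, gives a quick list of roles that are assumable more broadly than intended.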
Single account building is great for ease of use and management, especially for smaller teams. If you split the accounts, you minimize risk of inadvertently impacting your production environment. You'll also be able to easily differentiate billing between your development and production workloads. If you're diligent about leveraging tagging, you can achieve a similar cost breakdown outcome in a single account.
Spending some time upfront to create an Admin account to control an Organization, and then under that organization Dev, Stage and Prod, will make things easier down the road. For small teams the extra overhead can seem like a waste of time, but in the long run you are setting up a good foundation to build on.