1 Answer
- Newest
- Most votes
- Most comments
0
You should check out the blog post on best practices with OU management. There are suggestions for both sandbox environments and logging: https://aws.amazon.com/blogs/mt/best-practices-for-organizational-units-with-aws-organizations/
Check out centralized CloudTrail for logging and auditing. It's a widely adopted best practice. It helps the management account make sure everything is logged (and doesn't let member accounts turn it off).
For IAM role usage. There are many approaches customers can take. I don't have Terraform examples. Stacksets provides easy integration for rollout of IAM roles.
answered 4 years ago
Relevant content
- Accepted Answerasked 2 years ago
- asked 7 months ago
- Accepted Answerasked 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago