Every company has an "old" production AWS account

I like to joke that every company has an “old prod” AWS account.

In my experience working with different companies on AWS, there’s always a point where they end up migrating their entire production infrastructure to a new AWS account.

They usually migrate because they find it’s bad practice to use their root AWS account for production workloads. When companies are in the startup phase, they create their root AWS account and put everything in it. Later on, it might become necessary for the company to have SOC2 certification. The audit and security requirements behind those certifications call for locking down the root AWS account.

It is an expensive and painful migration from the root AWS account to a new production account. I’ve seen it at Venmo and Flex.

If you’re starting today, I highly recommend setting up AWS Organizations and creating a sub-account under your root account. This will save you potentially hundreds of thousands to millions of dollars in migration costs down the line.
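As an added example (not from the original post), here is the setup recommended above written as Terraform for the AWS provider: the root account becomes the management account of an organization, and production gets its own member account. The OU name, account name and email are placeholder assumptions.

```hcl
# Added example: bootstrap AWS Organizations from the root (management) account
# and create a separate member account to hold production. Assumes the AWS
# provider is already configured with management-account credentials; the
# OU name, account name and email below are placeholders.

terraform {
  required_providers {
    aws = { source = "hashicorp/aws" }
  }
}

# Turn the root account into the management account of an organization.
resource "aws_organizations_organization" "org" {
  feature_set = "ALL" # enables SCPs and consolidated billing across accounts
}

# An OU to hold workload accounts, placed under the organization's root.
resource "aws_organizations_organizational_unit" "workloads" {
  name      = "workloads"
  parent_id = aws_organizations_organization.org.roots[0].id
}

# The production account. Workloads go here, never in the management account.
resource "aws_organizations_account" "prod" {
  name      = "prod"
  email     = "aws-prod@example.com" # must be unique across all AWS accounts
  parent_id = aws_organizations_organizational_unit.workloads.id

  # Role created in the new account that the management account can assume.
  role_name = "OrganizationAccountAccessRole"

  # Don't let a `terraform destroy` take the production account with it.
  close_on_deletion = false
  lifecycle {
    prevent_destroy = true
  }
}

output "prod_account_id" {
  value = aws_organizations_account.prod.id
}
```

After `terraform apply`, deploy workloads by assuming `OrganizationAccountAccessRole` in the new account rather than with management-account credentials, so the root account stays free of production resources.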

Does your company have an “old prod”? Hit reply and let me know if this resonates with you.