Every company has an "old" production AWS account

I like to joke that every company has an “old prod” AWS account.

In my experience working with different companies on AWS, there’s always a point where they end up migrating their entire production infrastructure to a new AWS account.

They usually migrate because they find it’s bad practice to use their root AWS account for production workloads. When companies are in the startup phase, they create their root AWS account and put everything in it. Later on, it might become necessary for the company to have SOC2 certification. These certifications’ audit and security requirements require a lockdown of the root AWS account.

It is an expensive and painful migration from the root AWS account to a new production account. I’ve seen it at Venmo and Flex.

If you’re starting today, I highly recommend setting up your AWS organizations and a sub-account under your root account. This will save you potentially hundreds of thousands to millions of dollars in migration costs down the line.

Does your company have an “old prod”? Hit reply and let me know if this resonates with you.

Join the 80/20 DevOps Newsletter

If you're an engineering leader or developer, you should subscribe to my 80/20 DevOps Newsletter. Give me 1 minute of your day, and I'll teach you essential DevOps skills. I cover topics like Kubernetes, AWS, Infrastructure as Code, and more.

Not sure yet? Check out the archive.

Unsubscribe at any time.