AWS Multi-account architecture
Last updated
Last updated
If your company has a multi-account architecture, we recommend calculating the savings estimate on Pump first using your management account. This will provide us with a fairly accurate estimate of your potential savings.
Your management account is your 'root account' that you created your AWS account with, you can also verify this by visiting this link and seeing which account is designated as 'management account'
Once you've checked your savings with your management account following the steps listed in Getting started, assess if you'd need to be breaking your organization or importing it whole.
If you have only one account within your AWS organization (like the example shown above) or have only one active account amongst other unused accounts and don't have SSO setup - we recommend you disassociating your accounts from the organization & join the standalone account via the steps linked here
Otherwise removing an AWS Org can impact the following ways and we recommend you evaluate each of the impact items for yourself -
Access control
Breaking an organization can affect access control and permissions, which may require additional configuration and management.
If you have SSO setup through AWS Identity Center only (see if it is enabled on your end) we recommend you DO NOT disassociate your AWS accounts from your organization.
Cross-account functions management
Managing cross-account functions like logging, security, and monitoring can become more complex when you break an organization.
Please proceed here with caution, and check in with us at support@pump.co or starting an intercom chat.
Account management
Managing multiple accounts separately can be more difficult than managing them within an organization.
Pump sets up a 'billing group' for you to overcome this.
Organizational structure
You may lose the organizational structure (OUs) that you have set up within the organization, which can impact the way you manage and organize your accounts.
Pump can recreate the OUs for you in our organization
Bottom line - If you do not have SSO setup for your AWS organization or have communication setup between accounts, we recommend that you break up your organization following these steps.
However, if you do have it setup or cannot break an organization due to a complex setup, we recommend you to follow the steps here.
