plain-lunch-16168
05/28/2024, 11:27 AMquick-house-41860
05/28/2024, 12:54 PM<s3://my-awesome-bucket/my-org/my-team>
).
If you end up using the same backend you could establish a convention for the project name (e.g. ``my-org_my-team_my-project`). Then you could do the same prefix based IAM policies.
For the account structure I'd recommend you to use multiple AWS accounts. The reason for that is 1) access control and 2) account wide quotas:
• It's easier to prevent unallowed access to production systems that way.
• Many AWS services have account wide quotas (Lambda for example) and that could cause impact across environments. For example, a load test in the dev environment could cause an outage in the prod environment if it reaches the Lambda concurrency limit of the account.plain-lunch-16168
05/28/2024, 1:06 PMplain-lunch-16168
05/28/2024, 1:10 PMplain-lunch-16168
05/28/2024, 1:10 PMplain-lunch-16168
05/28/2024, 1:19 PM