Disposable AWS Accounts

0

So I have the below requirements

  • I need to create X number of AWS accounts for delivering trainings where X = number of students. So each student must have an AWS account
  • Now, I cannot use AWS Organisation because I want each student to learn how to use AWS Organisation and then create multiple different accounts under it. So I need fresh AWS accounts
  • I should be able to either buy $10 credits as they'll be using AWS Route53 zones and AWS EKS which is not in free tier. Or I should be able to control the cost to upto $10 and I should be able to pay upfront for all accounts together rather than paying for individual accounts.
  • I donot mind paying money upfront provided I can get a hassle-free solution.
  • These accounts post training will be nuked and will not be re-used.
y0dha13
gefragt vor einem Jahr386 Aufrufe
1 Antwort
0

There is really no easy way to do it. From a high level, what you could do is to:

  1. Create X number of account (you'll need different email for each account).
  2. Create AWS Organization from each account and enable consolidated billing.
  3. These X number of accounts will become the Management Account for each organization.
  4. Create IAM user\role for each student in each Organization with policies that make the student delegated administrator but without Billing privileges so that the student will be able to create a new accounts within the Organization and use AWS Route 53 and AWS EKS under the member accounts only (you'll be able to use SCP to control what services\regions are allowed).
  5. The spending incurred under each member account should get consolidated to the Management Account of the Organization and only you have access to manage Billing
  6. You can't further consolidate billing for each organization. But you can use a credit card or ACH to pay the invoice for each Organization automatically.

The key is to make sure only you have full access to the Organization; whereas the student can only create member accounts and use Rt53\EKS under the member accounts they create. Once the student is done, you can terminate all active resources and close the member accounts, remove the user, and ready to provide similar access to the next student.

profile pictureAWS
EXPERTE
beantwortet vor einem Jahr

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen