Hi Steven,
First thing, all those new accounts must be managed centrally via AWS Organizations: https://docs.aws.amazon.com/pdfs/whitepapers/latest/organizing-your-aws-environment/organizing-your-aws-environment.pdf#organizing-your-aws-environment (This is really a MUST read in your case)
Then, you should split your services into 2 categories: datastore (DDB, RDS, etc.) and compute (EC2, ECS, EKS, etc.)
My personal experience is that it is simpler and less risky to start splitting the compute services before the datastores. Why? Because it's easy and not risky to incrementally duplicate and move compute services as they are stateless. You can usually have several instances at once accessing your data cross-account with no big potential damage.
It's much more tricky to duplicate and migrate data due to its statefulness: you will have to manage integrity / coherency aspects as you start moving / duplicating it. If you transition incrementally, it means that those aspects will be present for weeks / months depending on the size of your system.
So, starting with compute is my recommendation, and then finish with datastores when you get comfortable with multi-account management.
Best practices to move different kinds of resources are here: https://docs.aws.amazon.com/prescriptive-guidance/latest/transitioning-to-multiple-aws-accounts/resource-migration.html
Best,
Didier