By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Disposable AWS Accounts

0

So I have the below requirements

  • I need to create X number of AWS accounts for delivering trainings where X = number of students. So each student must have an AWS account
  • Now, I cannot use AWS Organisation because I want each student to learn how to use AWS Organisation and then create multiple different accounts under it. So I need fresh AWS accounts
  • I should be able to either buy $10 credits as they'll be using AWS Route53 zones and AWS EKS which is not in free tier. Or I should be able to control the cost to upto $10 and I should be able to pay upfront for all accounts together rather than paying for individual accounts.
  • I donot mind paying money upfront provided I can get a hassle-free solution.
  • These accounts post training will be nuked and will not be re-used.
Topics
Management & Governance
Tags
AWS OrganizationsAWS Account Management
Language
English
y0dha13
asked 10 months ago311 views
1 Answer
0

There is really no easy way to do it. From a high level, what you could do is to:

  1. Create X number of account (you'll need different email for each account).
  2. Create AWS Organization from each account and enable consolidated billing.
  3. These X number of accounts will become the Management Account for each organization.
  4. Create IAM user\role for each student in each Organization with policies that make the student delegated administrator but without Billing privileges so that the student will be able to create a new accounts within the Organization and use AWS Route 53 and AWS EKS under the member accounts only (you'll be able to use SCP to control what services\regions are allowed).
  5. The spending incurred under each member account should get consolidated to the Management Account of the Organization and only you have access to manage Billing
  6. You can't further consolidate billing for each organization. But you can use a credit card or ACH to pay the invoice for each Organization automatically.

The key is to make sure only you have full access to the Organization; whereas the student can only create member accounts and use Rt53\EKS under the member accounts they create. Once the student is done, you can terminate all active resources and close the member accounts, remove the user, and ready to provide similar access to the next student.

profile pictureAWS
EXPERT
AWS-User-alantam
answered 10 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content