- 最新
- 最多得票
- 最多評論
I published the solution with examples to this public repo: https://github.com/zaphodbeeblebrox3rd/working_with_aws
It essentially involves the use of dedicated S3 buckets for each project. Access to the buckets is controlled by IAM policies assigned to the IAM role for each project team.
A set of EventBridge rules with Lambda functions allows the Transcribe jobs to be tagged so that they can be broken down per-project in Cost Explorer.
Unfortunately, Translate does not yet include resource tags in its API. I provided the instructions and code to use that feature if/when it becomes available.
I like Eric's answer. My "answer" is more like thinking outside the box and may not be helpful.
Background
AWS is going to be changing sign-on to make it better. I wonder if this ties to Identity Center. Should you look at Identity center as a possible good long term solution unless you are already using SSO with your account at which point you already know this.
Why Identity Center
- it allows you to make multiple "organizations" that are managed by your Identity center admin.
- you could even use it to merge multiple accounts which I suspect is well beyond what you want/need to do.
- SSO has some cool advantages.
- Identity center is not a simple migration. So unless Identity Center is something you can see for other benefits then skip this crazy idea.
相關內容
- 已提問 1 年前
- 已提問 10 個月前
- AWS 官方已更新 2 年前
100% agreed. I'm using it for an Org that uses Organizations and SSO, but this allows my department to be a little less dependent on centralized IT and Finance to constantly churn out new accounts. The strategy will work either way regardless of whether Organizations and/or SSO is implemented .