Diagram of a Substrate-managed AWS organization
A Substrate-managed AWS organization
A Substrate-managed AWS organization is comprised of half-a-dozen or more AWS accounts all working together. Briefly, since these accounts are all discussed in detail elsewhere:
- Management account: Creates the AWS organization and organization-wide CloudTrail. Receives your bill.
- Audit account: Stores the organization-wide CloudTrail.
- Deploy account: Facilitates moving objects between accounts via S3. Useful as part of CI/CD processes.
- Network account: Creates VPCs and shares them into all the right service accounts.
- Admin account: Integrates with an identity provider, serves the Intranet, and helps authorized humans get into AWS.
- Service accounts: Contain all the rest of the AWS resources, serve your production traffic, and protect customers’ data.
Go deeper and take a look at a diagram of a multi-quality, multi-region service provisioned within two service accounts, as highlighted in grey at the top of this diagram.