Skip to content

Cloud Standard

Purpose

To ensure secure, scalable, and well-governed cloud environments by adopting a multi-account architecture.

Requirement

All workloads must be deployed using a multi-account strategy rather than a single account. Accounts should be segregated by environment and purpose, such as:

  • Environment Types:
    • Production and Non-Production (Dev, Test, Stage). See Cloud Environment Classification standard HERE.
    • Shared Services (e.g., networking, security tooling)
    • Sandbox (for experimentation)
  • Business Units or Projects:
    • Separate accounts for different business units, projects or services to isolate resources and manage costs effectively.

Accounts must be linked to a central management account for consolidated billing and governance.

Compliance

Accounts can only be vended through approved account vending mechanisms, such as AWS Control Tower (via AFT) or Azure Management Groups.