Application isolation is a core principle and best practice for enterprises serious about cloud infrastructure. Isolating applications at the account level allows the enterprise to use the scale of AWS to gain the same level of protection between their own applications as exists between AWS customers. The recent launch of AWS Organizations validates Turbot’s long-standing support of the AWS multi-account model as a best practice within the AWS ecosystem. We are happy to announce our integration with the new service. Turbot now provides enterprise Guardrails to facilitate secure configuration and management of the AWS Organizations service, and integrates directly with its API for tasks like account creation.
Solving the Account-Creation Issue
Because many of our customers use the multi-account strategy to isolate their workloads, they must create dozens or hundreds of AWS accounts. Mass account creation has always been a pain point: doing it manually is time-consuming and prone to human error. Now customers can leverage the AWS Organizations account-creation feature, using our point-and-click interface to create Turbot-managed accounts in their AWS Organization in mere seconds. To get started, first enable support for Organizations by setting the following options in Turbot:
- Organizations > Master AWS Account ID - The AWS account ID of the organization master account.
- Organizations > Account Name Template - The template used to produce the new account’s friendly name.
- Organizations > Account Email Address Template - The template used to produce the new account’s email address. If this is set incorrectly, you may not be able to recover the root credentials for this account.
Administrators can then create accounts through AWS Organizations by using the existing Turbot Create Account button and selecting “Create AWS Organizations account”.
These new accounts are automatically added to the Turbot cluster, where Guardrails are applied immediately.