Why use multiple accounts instead of resource tagging?

Tags are merely metadata and do not provide hard security boundaries. Accounts provide total isolation for IAM policies, billing, service quotas, and blast radius control.

Which cloud providers does this skill support?

This skill provides specific implementation patterns and terminology translations for AWS (Control Tower), GCP (Cloud Foundation Toolkit), and Azure (CAF Landing Zones).

How does this approach handle CI/CD security?

The skill promotes the use of OIDC workload identity federation per account, which eliminates the need for static API keys and high-risk credentials in your CI/CD system.

Is a multi-account setup too complex for early-stage startups?

No, using landing zone tools allows you to set up a multi-account structure in an afternoon. It is much cheaper than performing a full production migration six months later.

Multi-Account Cloud Architecture

Name: Multi-Account Cloud Architecture
Author: oborchers

byoborchers

•

클라우드 인프라

Establishes a secure, scalable multi-account cloud foundation with environment isolation and organizational governance from the very first resource.

This skill provides opinionated, research-backed guidance for implementing a multi-account cloud strategy across AWS, GCP, and Azure to avoid the pitfalls of single-account 'shortcuts.' It guides developers through setting up landing zones, defining organizational units, and establishing hard boundaries between development and production environments to minimize blast radius, simplify billing, and ensure compliance. By implementing a standardized account structure from day one, you prevent costly future migrations and ensure your infrastructure can scale securely alongside your team and product.

주요 기능

01Cross-account identity federation and OIDC configuration

02Environment isolation for Dev, Prod, Sandbox, and Security

03Standardized six-account minimum viable structure

04Organization-wide security guardrails and audit logging

05Landing zone automation patterns for AWS, GCP, and Azure

069 GitHub stars

사용 사례

01Implementing strict security boundaries for compliance and audit readiness

02Bootstrapping a new cloud-native SaaS project with enterprise-grade isolation

03Migrating from a single-account monolith to a secure multi-account structure

주요 기능

01Cross-account identity federation and OIDC configuration

02Environment isolation for Dev, Prod, Sandbox, and Security

03Standardized six-account minimum viable structure

04Organization-wide security guardrails and audit logging

05Landing zone automation patterns for AWS, GCP, and Azure

069 GitHub stars

사용 사례

01Implementing strict security boundaries for compliance and audit readiness

02Bootstrapping a new cloud-native SaaS project with enterprise-grade isolation

03Migrating from a single-account monolith to a secure multi-account structure