Accounts

All too often, I see customers using only a single cloud account. Have you heard of a company named Code Spaces? More than likely the answer is no, because this is a bit of a rhetorical question. The company no longer exists. This company perished so that we can learn from its mistake. Their cloud account was compromised and ultimately everything in it was deleted, including their backups. They had backups, but they were stored in the same account. We will cover security topics in Chapter 9, Security, but the point here is that we can use cloud accounts as an isolation mechanism to create bulkheads to protect the system. My basic advice is that companies start with at least four accounts: a master account for only consolidated billing, a production account, a development account, and a recovery account for backups. Each account will have different access rights granted.

Each account has soft limits set on services that act as governors to impede runaway resource usage. This protects the cloud provider and your pocket book. So, as an example, the last thing you want to do is run a performance test in an account that houses your production workloads and inadvertently cause your users to be throttled, because the performance test pushed the account across these thresholds. Regulations, such as PCI, can have a big impact on your system and your company. It is typically advantageous to limit the scope of these regulations on your systems. These regulations are typically focused on the parts of a system that interact with certain types of data. As such, we can craft components around this data and then isolate those components in separate accounts and control access to these accounts independently. It may also be advantageous to isolate related components in separate accounts, just to ensure that a mishap in one account does not impact another. For example, separate accounts could be created to separate back-office components from front-office components. The front-office components used by your customers are of the utmost importance, therefore a dedicated account would be prudent.