AWS Organizations, SCP, Control Tower, RAM
Multi-account strategy: isolate workloads, apply guardrails, share resources between accounts.
Organizations
- Management account + member accounts; OUs (Organizational Units) group accounts.
- SCPs are applied to OUs/accounts and act as the maximum permission boundary.
- Consolidated Billing + volume discount.
- Tag policies, backup policies, AI services opt-out.
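
What "maximum permission boundary" means in practice, as an added example that is not part of the original notes: a simplified Python model in which an action is effective only if the SCPs at every level (root, OU, account) permit it and the principal's own IAM policy grants it. The OU and account names, the policy contents and the dictionary format are constructed for illustration; Resource, Condition and NotAction are not modelled.

```python
# Added example: simplified model of SCP evaluation, not AWS's real policy engine.
# Ignores Resource, Condition and NotAction; all policy data below is constructed.
from fnmatch import fnmatchcase


def matches(action, patterns):
    """IAM action names are case-insensitive and may use '*' wildcards."""
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)


def scp_level_permits(action, scps):
    """One level (root, OU or account): some attached SCP allows, none denies."""
    allowed = any(matches(action, s.get("allow", [])) for s in scps)
    denied = any(matches(action, s.get("deny", [])) for s in scps)
    return allowed and not denied


def effective_allow(action, scp_path, identity_allow):
    """scp_path lists the SCPs attached at each level, root first, account last.

    The SCP ceiling must permit the action at every level, and the
    principal's own IAM policy must still grant it: SCPs never grant.
    """
    ceiling = all(scp_level_permits(action, level) for level in scp_path)
    return ceiling and matches(action, identity_allow)


FULL_ACCESS = {"allow": ["*"]}  # models the default FullAWSAccess SCP
ROOT = [FULL_ACCESS]
WORKLOADS_OU = [FULL_ACCESS,
                {"deny": ["organizations:LeaveOrganization",
                          "cloudtrail:StopLogging"]}]
SANDBOX_ACCOUNT = [{"allow": ["s3:*", "ec2:*"]}]  # allow-list instead of FullAWSAccess
PATH = [ROOT, WORKLOADS_OU, SANDBOX_ACCOUNT]
ADMIN = ["*"]  # identity policy equivalent to AdministratorAccess

if __name__ == "__main__":
    for action in ("s3:GetObject", "cloudtrail:StopLogging", "iam:CreateUser"):
        print(action, "->", effective_allow(action, PATH, ADMIN))
```

SCPs do not restrict the management account itself, so this model applies to member accounts only.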
Control Tower
- Best-practice Landing Zone (multi-account, log archive, audit, SSO, guardrails).
- Guardrails: preventive (SCP) & detective (Config Rules).
- Account Factory: creates standardized accounts.
RAM (Resource Access Manager)
- Share VPC subnets, Transit Gateway, Route 53 Resolver rules, License Manager... across accounts in the Org.
- Reduces duplicate resources; used for a Shared Services account.