Managing data services in AWS: Creating a single account vs separate accounts

Hi, I have a general question on AWS cloud: do companies usually create a DB account and manage all the data services in that account, or create a separate account for each system? I'm trying to understand the best approach to manage it in the cloud. Thanks.

I prefer to manage accounts by responsibility boundaries. So if you have a dedicated DB admin team and they own those DBs completely, then I would separate out the account. If you have many teams responsible for an application, then I would separate accounts by application responsibility.

Thanks. Every application has a DB service, so that means the application and the DB would be in different VPCs. Isn't that a problem?

It typically is an issue if there are latency concerns, but there are network solutions such as Transit Gateway and shared VPCs that can be used across AWS projects.

Yes, but then the application is not isolated. I'm trying to understand if there is one rule or if it depends more on the organization.

There is no one rule, and I've never found a best practice to reference. So I've always defined it myself, as the cloud owner who provides cloud access to the rest of the company, and I've always defined the strategy based on responsibility boundaries.

If the DBs are all in a separate account, I consider that an app dependency, just like using DynamoDB or something like that.

I'm sorry, I don't understand the last sentence comparing it to DynamoDB.

DynamoDB has a documented expectation for interaction with an application. There is a service contract defined, so you can use DynamoDB as a dependency. If the DB team is managing DBs in their own account, I would want to have similar expectations for applications using those DBs.