AWS accounts

Each Rackspace account can house one or more AWS accounts. By default, you can create up to five new AWS accounts through the Rackspace Technology Customer Portal. If you need more than five accounts, open a ticket to request a limit increase. In addition to creating new AWS accounts, you can also transfer existing AWS accounts to Rackspace for management.

Each AWS account provides a top-level administrative control boundary for the resources that it contains. While you can leverage Amazon’s Identity and Access Management (IAM) platform to isolate certain resource access, we typically recommend provisioning an AWS account per application deployment phase (such as development, staging, and production). This provisioning allows you to assign different users in your organization access to one or more accounts without complex IAM policies. In this example, you could grant developers access to provision EC2 instances, RDS databases, and so on in your development and staging accounts and restrict them to read access for the resources in your production account.
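The following check is an added example, not Rackspace or AWS code. It audits a list of access grants against the per-phase model described above and flags developers who hold more than read access in a production account. The account names, the role label, the access levels, and the grant records are constructed assumptions.

```python
from typing import NamedTuple, Optional

# Assumed ordering of access levels, lowest to highest.
LEVELS = {"none": 0, "read": 1, "provision": 2, "admin": 3}
# Assumed encoding of the model above: developers may provision in
# development and staging, and only read in production.
DEVELOPER_MAX = {"dev": "provision", "staging": "provision", "prod": "read"}

class Grant(NamedTuple):
    user: str
    role: str      # hypothetical organizational role label
    account: str   # AWS account name in the form "<app>-<phase>"
    access: str    # one of LEVELS

def phase_of(account: str) -> Optional[str]:
    """Derive the deployment phase from the account-name suffix."""
    suffix = account.rpartition("-")[2]
    return suffix if suffix in DEVELOPER_MAX else None

def audit(grants):
    """Return (grant, reason) pairs for developer grants that break the model."""
    findings = []
    for g in grants:
        if g.role != "developer":
            continue  # other roles are outside this check
        if g.access not in LEVELS:
            findings.append((g, "unknown access level"))
            continue
        phase = phase_of(g.account)
        if phase is None:
            # An account that maps to no phase cannot be judged; surface it.
            findings.append((g, "account has no recognized phase"))
        elif LEVELS[g.access] > LEVELS[DEVELOPER_MAX[phase]]:
            findings.append((g, f"exceeds {DEVELOPER_MAX[phase]} in {phase}"))
    return findings

# Constructed sample grants, for illustration only.
SAMPLE = [
    Grant("alice", "developer", "app1-dev", "provision"),
    Grant("alice", "developer", "app1-prod", "read"),
    Grant("bob", "developer", "app1-prod", "provision"),
    Grant("carol", "developer", "sandbox", "provision"),
    Grant("dave", "operator", "app2-prod", "admin"),
    Grant("erin", "developer", "app2-staging", "admin"),
]

if __name__ == "__main__":
    for grant, reason in audit(SAMPLE):
        print(f"{grant.user} @ {grant.account}: {grant.access} ({reason})")
```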

In addition to being a strong permission boundary, AWS accounts also provide a convenient construct for tracking expenses because, by default, the system groups both AWS and Rackspace charges by AWS account and can span multiple accounts. For example, if you use four separate AWS accounts (app1-dev, app1-prod, app2-dev, and app2-prod), you can easily see how much you are spending on each application environment. We highly encourage you to use tagging for more fine-grained expense tracking within accounts. However, tagging is more complicated: you might miss tagging certain resources, resulting in unallocated cost, and not all AWS resource types support tagging. AWS accounts provide a great default cost allocation construct.

Lastly, by using separate AWS accounts for each environment, you have the flexibility to select different Rackspace features for each environment because Rackspace applies service levels at the AWS account level.

As we describe later in this document, several FAWS features (such as Rackspace Logbook) are available in both cross-account and account-specific views, enabling unified visibility across multiple AWS accounts.