Skip to content

Identify AWS account type

This document will give a brief explanation of the different types of AWS accounts, what characterizes them and how to identify them.

Purpose

The purpose of this document is to identify the account type when onboarding new customers with existing AWS accounts.

Having identified the account type, we can communicate expectations to the customer.

Identifying

The simplest way of identifying an account is through AWS Organizations. The customer needs to provide a screenshot or description of the contents of the AWS Organizations-page in the AWS console. It is important to emphasize that the customer needs to be logged in to the account in question when retrieving this screenshot.

Account types

We can identify three types of accounts. One could say there are many more account types, but for the purposes of onboarding existing resources, only four are relevant.

1. Workload Account - Standalone

A Workload Account - Standalone is characterized by the following:

  • The account does not belong to an organization.
  • The account does not have an organization.

The screenshot from the customer should look like this:

workload-account-standalone

2. Workload Account - Member

A Workload Account - Member is characterized by the following:

  • The account belongs to an organization.
  • The account does not have an organization.

The screenshot from the customer should look like this:

workload-account-linked

3. Management Account

A Management Account is characterized by the following:

  • The account does not belong to an organization.
  • The account has an organization.

The screenshot from the customer could look like this:

management-account-populated

... or like this:

management-account-unpopulated

Onboarding

For more detailed information on onboarding, look here.

A very brief explanation of how the different account types will be onboarded.

1. Workload account - Standalone

The standalone account must be invited to a management account. If the customer does not already have a management account, we create one and invite the existing account to the new organization.

2. Workload account - Member

The workload account must first leave its current organization to become a standalone account. Once it is converted to a standalone account, the onboarding process is identical to the process of onboarding a standalone account.

3. Management Account

There are two ways to onboard a Management Account. The customer alone decides which way they want to be onboarded. It is important to present the options to the customer in a way that allows them to make the best decision.

3.1. Convert to Standalone

  • Convenient way to onboard environments with a low level of complexity.
  • Typically the fastest way to onboard a customers' environment.
  • Most of the work has to be done by the customer.

3.2. Onboard as-is.

  • Recomended for environments with a medium to high level of complexity.
  • Recomended for customers who wants their environments to remain completely unchanged.
  • Typically time consuming. Can take anywhere from 2-5 weeks to complete.
  • Most of the work has to be done by Crayon.
  • More information on this process can be found here.