Matt Karmazyn

# AWS Account Setup

This is the foundational step where you secure your AWS account and prepare it for infrastructure deployment.

Time to Complete: 2-4 hours
Prerequisites: New or existing AWS account with root access

# Overview

Before building any infrastructure, we need to:

  1. Secure the root account.
  2. Set up AWS Organizations for multi-account management.
  3. Enable AWS SSO. Even if you don't have an SSO provider, you can manage IAM users in the management account for all of your other accounts.
  4. Create the GitHub OIDC Provider in the management account.
  5. Use AWS StackSets to create the roles in the member accounts for GitHub to assume.

# What We Will Accomplish

After completing this section, you will have:

  - Root account secured with MFA and no access keys
  - AWS Organization created with all features enabled
  - 5 member accounts: Development, Staging, Production, Security, and Shared Services
  - Organizational Units for logical grouping
  - IAM Identity Center (AWS SSO) enabled for centralized access
  - Cross-account access configured via OrganizationAccountAccessRole
  - IAM admin user created for Terraform
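
To confirm the first three outcomes above, the following added example (not part of the original guide) audits the JSON returned by `aws iam get-account-summary`, `aws organizations describe-organization` and `aws organizations list-accounts`, all run in the management account. It assumes the member accounts are named exactly as listed above; the function name and the sample responses are constructed for illustration.

```python
# Added example: offline audit of AWS CLI JSON output against this page's goals.
# Assumption: member accounts carry exactly these names.
EXPECTED_ACCOUNTS = {"Development", "Staging", "Production", "Security", "Shared Services"}


def audit_account_setup(summary, organization, accounts):
    """Return a list of findings; an empty list means every check passed.

    summary      -- parsed output of `aws iam get-account-summary`
    organization -- parsed output of `aws organizations describe-organization`
    accounts     -- parsed output of `aws organizations list-accounts`
    Missing fields count as failures, so truncated output never passes.
    """
    findings = []
    smap = summary.get("SummaryMap", {})
    # AccountMFAEnabled is 1 only when the root user has an MFA device.
    if smap.get("AccountMFAEnabled") != 1:
        findings.append("root account has no MFA device")
    # AccountAccessKeysPresent is 0 only when the root user has no access keys.
    if smap.get("AccountAccessKeysPresent") != 0:
        findings.append("root account has access keys")
    # "ALL" means all features; "CONSOLIDATED_BILLING" means billing only.
    if organization.get("Organization", {}).get("FeatureSet") != "ALL":
        findings.append("organization does not have all features enabled")
    active = {a.get("Name") for a in accounts.get("Accounts", [])
              if a.get("Status") == "ACTIVE"}
    for name in sorted(EXPECTED_ACCOUNTS - active):
        findings.append(f"member account missing or not active: {name}")
    return findings


# Constructed sample responses (placeholder IDs, not real accounts).
SAMPLE_SUMMARY = {"SummaryMap": {"AccountMFAEnabled": 1, "AccountAccessKeysPresent": 1}}
SAMPLE_ORG = {"Organization": {"Id": "o-exampleorgid", "FeatureSet": "CONSOLIDATED_BILLING"}}
SAMPLE_ACCOUNTS = {"Accounts": [
    {"Id": "111111111111", "Name": "Development", "Status": "ACTIVE"},
    {"Id": "222222222222", "Name": "Staging", "Status": "SUSPENDED"},
    {"Id": "333333333333", "Name": "Production", "Status": "ACTIVE"},
    {"Id": "444444444444", "Name": "Security", "Status": "ACTIVE"},
]}

if __name__ == "__main__":
    for finding in audit_account_setup(SAMPLE_SUMMARY, SAMPLE_ORG, SAMPLE_ACCOUNTS):
        print("FAIL:", finding)
```

To run it against a real account, save each command's output with `--output json` and pass the parsed files to `audit_account_setup` in place of the samples.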