Diagram of a Substrate-managed AWS organization
A Substrate-managed AWS organization
- Management account: Creates the AWS organization and organization-wide CloudTrail. Receives your bill.
- Audit account: Stores the organization-wide CloudTrail.
- Deploy account: Facilitates moving objects between accounts via S3. Useful as part of CI/CD processes.
- Network account: Creates VPCs and shares them into all the right service accounts.
- Admin account: Integrates with an identity provider, serves the Intranet, and helps authorized humans get into AWS.
- Service accounts: Contain all the rest of the AWS resources, serve your production traffic, and protect customers' data.