AWS pipeline architecture for delivery of containers across a multi-account setup
AWS as a cloud provider enables customers to quickly deploy, automate and scale out services and applications in the cloud without compromising on the core principles of a well-architected framework.
One of the key considerations in the cloud is to deliver secure resources with isolation between organizational/delivery environments. AWS provides this isolation and security through the option to provision separate accounts. An account is in itself a secure boundary, with isolation at the identity and billing level, which keeps the resources within each account independent. Any resource within an account is naturally isolated from resources in other accounts.
The recommended approach is to set up multiple accounts for different kinds of workloads and environments. An account strategy can vary from organization to organization and can be driven by several requirements and team structures.
AWS provides several tool sets and services to enable multi-account structures, and among the key offerings are AWS Control Tower and AWS Organizations. The use of Account Factory and SCPs helps with standardizing the setup of accounts and controlling guardrails and policies from a centralized control plane.
One big challenge for organizations in a multi-account setup is the delivery and management of resources and applications. Imagine an organization with 500+ AWS accounts will need 200 FTEs to manage their…