AWS Account Setup for Multiple Environments with Easy Switching Between Accounts
How I set up multiple AWS accounts (for dev, staging, prod, etc.) under a single AWS “organization” while keeping a single IAM user account that one logs in with and then uses to switch easily among the environment accounts. This keeps your dev and production AWS resources siloed in their own accounts, without your developers needing a separate IAM account for every environment. It also makes IAM user management easier. I use this regardless of the size of the project/company.
In my understanding, this also generally follows how AWS recommends setting up accounts (at least in terms of separate accounts for different environments and use of an organization).
Note: SSO may be a better(?) option, even if you are a small or single-person org. I have yet to explore using SSO for this, but see Paul Swail’s “Use SSO instead of IAM users to connect to your AWS accounts” article.
Update 19Mar2022
AWS Control Tower potentially automates and combines what I describe and the SSO option, as well as providing template standardization, etc. Dean Stringer was nice enough to point this out (thanks!). I haven’t had a chance to really look into it, but it does indeed look like the official way to orchestrate this per AWS.