Lots of AWS accounts
Accounts are the one true unit of isolation in AWS and are thus the most important primitive Substrate uses to help you deliver security, reliability, and compliance. Within one account, it’s too easy to grant overly broad privileges or accidentally couple your production environment to your development environment.
Use Substrate and multiple AWS accounts to…
Isolate development and production environments
Never worry about accidentally storing production data in development when there’s not even a network path between the two. Easily assure your auditors that development and production can't mix.
Isolate services from one another
Give each of your services their whole share of AWS’ API rate limits, effortless cost allocation, and the operational confidence to move fast without the ability to break other things.
Isolation via AWS accounts allows you to think about access controls in terms of environments and services instead of individual AWS resources like EC2 instances, RDS databases, and S3 buckets and deliver the security your business needs without leaks or compromises.