mhausenblas

We in general recommend customers using multiple accounts. This is on the one hand for dealing with per-account limits (or: Service Quotas as they are called now) and on the other hand it helps with strengthening the security posture.

The question is now, how and where are cross-account operations supported?

https://aws.amazon.com/blogs/aws/new-aws-resource-access-manager-cross-account-resource-sharing/

https://aws.amazon.com/blogs/compute/managing-cross-account-serverless-microservices/

Access control (IAM)

Permissions across accounts (a re:Invent 2019 talk by Becky Weiss

https://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html

https://aws.amazon.com/blogs/security/how-to-enable-cross-account-access-to-the-aws-management-console/

https://n2ws.com/blog/aws-cloud/managing-aws-accounts-cross-account-iam-roles

https://aws.amazon.com/blogs/apn/securely-accessing-customer-aws-accounts-with-cross-account-iam-roles/

https://aws.amazon.com/blogs/security/tag/cross-account-access/

Compute (containers & Lambda)

https://aws.amazon.com/premiumsupport/knowledge-center/secondary-account-access-ecr/

https://stackoverflow.com/questions/38128884/cross-account-role-for-an-aws-lambda-function

Networking

https://aws.amazon.com/blogs/networking-and-content-delivery/vpc-sharing-a-new-approach-to-multiple-accounts-and-vpc-management/

Data (S3, DynamoDB)

https://aws.amazon.com/premiumsupport/knowledge-center/cross-account-access-s3/

https://stelligent.com/2016/07/12/cross-account-access-control-with-amazon-sts-for-dynamodb/