Playbooks

Cloud account architecture

Account, subscription, and project layout that scales with teams and risk.

We design orgs, accounts, and subscriptions so ownership, blast radius, and cost are obvious to everyone.

Isolation is the primary control surface.
Org layout mirrors risk, domains, and teams.
Guardrails are explicit, not tribal knowledge.
Costs and ownership are easy to trace.

Baseline structure

A layout that works across AWS, Azure, and GCP. Names differ; intent does not.

Organization or tenant containing all accounts.
Groupings for security, shared services, dev/test/prod, analytics.
Clear mapping between teams and account groups.