Zalando Manages 140 Kubernetes Clusters
srcco.de
> Each cluster lives in a completely new and isolated AWS account.
Google Cloud does this so well. I still don't understand why AWS can't create project level isolation. Conceptually it is IAM with some namespaces ... or even autogenerated IAM.
But the usability is incredible.
True, but at least they now have an API for account creation (AWS Organizations) --- it was really painful in 2015/16 to script (in the browser!) all necessary steps for account creation (add credit card, remove it again [to switch to invoice], etc.).
No, it doesn't work very well, because AWS organisation absorbs billing as well. We use reseller billing in both AWS and GCP.
In GCP, the projects don't affect the billing. However in AWS, I can't have accounts in one organisation and consolidated billing in another (the reseller Organization).
It's a mess.