🐾Architecting ML on AWS: Accounts structure blueprint🐾
🤓If you are just starting to use SageMaker Studio for your machine learning workloads and wonder how you should structure accounts for it, this post is for you.
Why use a multi-account approach by creating separate accounts for ML workloads?
🔹Security and Ownership
Isolating ML workloads in their own AWS accounts allows you to align the ownership and decision-making with those accounts and avoid dependencies and conflicts with how workloads in other accounts are managed. It limits the risks of application-related issues, misconfiguration, or malicious activities.
🔹Cost Management
Machine learning workloads can be resource-intensive and potentially costly. With a separate AWS account, you can set up budgets and alerts, create reports, and forecast expenses specifically for the ML workloads in that account.
Which options do you have for the account structure while using a multi-account approach?
🔸 Separate account just for ML development
In this case, you create a separate account for ML development with SageMaker Studio and MLOps set up in it. Testing and production accounts are shared between all the company’s workloads. It’s suitable for companies with a small number of workloads.
🔸Separate accounts for ML development, testing, and production
This is also called the centralized model account structure. In this case, you create separate accounts for ML development, testing, and production. This option gives the ML team full control over their resources, which simplifies debugging and speeds up bug fixes in a production environment. At the same time, all ML teams work together in the same environment, so this option is not suitable when resources must be separated for each team.
🔸Separate accounts for each ML team
This approach has two variations: the decentralized and the federated model account structures. In both, you create separate development, testing, and production accounts for each ML team. In the first variation, you have a centralized tooling account with your MLOps setup; in the second, each team has its own separate account for that. Both variations allow you to separate resources for each team.