AWS Account Creation

Arda Systems uses a multi-account AWS structure. Each Infrastructure maps to one AWS account. This guide walks through creating a new account in that structure.

1. Prerequisites

Before starting, gather:

Google Workspace:

  • Access to the Admin Console (or equivalent permissions to create Groups).
  • The email address that will be used to create the AWS account.

AWS:

  • Root User credentials (available in 1Password, Arda-SystemsOAM vault).
  • Account Name: must match the name of the Infrastructure it will be associated with.
  • Organizational Unit:
    • Development — for Development Infrastructures
    • Platform/Production — for regular Production Infrastructures
    • Platform — for OAM Infrastructures

2. Create the Email Address (Google Workspace)

Every AWS account requires a unique email address. Arda uses sub-addressed groups following the scheme infra.<kind>+<qualifier>.<revision>@arda.cards.

Existing base groups:

  • infra.sandbox@arda.cards
  • infra.nonprod@arda.cards
  • infra.prod@arda.cards

Example sub-addresses:

  • infra.sandbox+kyle.001@arda.cards
  • infra.nonprod+amm.014@arda.cards
  • infra.prod+oam.005@arda.cards

Important: The email address must be between 6 and 64 characters long. The scheme adds a fixed overhead of 26 characters, leaving ample space for a 35-character qualifier and a three-digit revision.

Do not create new groups following the legacy pattern systems-<infrastructure>@arda.cards.
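As an added example (not part of the original guide), a small Python checker that builds sub-addresses for new accounts and validates them against the scheme, the three-digit revision, the 6 to 64 character limit and the legacy pattern to avoid. The permitted qualifier characters (lowercase letters, digits, hyphen) are an assumption; the guide only shows lowercase examples.

```python
import re

# Kinds with an existing base group (infra.<kind>@arda.cards), per the guide.
KINDS = ("sandbox", "nonprod", "prod")
DOMAIN = "arda.cards"
MIN_LEN, MAX_LEN = 6, 64  # AWS account email length limits quoted in the guide

# Assumption: qualifiers are lowercase letters, digits or hyphens; the guide
# only shows lowercase examples such as "kyle", "amm" and "oam".
SCHEME = re.compile(
    r"^infra\.(?P<kind>[a-z]+)\+(?P<qualifier>[a-z0-9-]+)"
    r"\.(?P<revision>\d{3})@arda\.cards$"
)
LEGACY = re.compile(r"^systems-[^@]+@arda\.cards$")


def validate_account_email(email: str) -> dict:
    """Return the parsed kind/qualifier/revision, or raise ValueError."""
    if LEGACY.match(email):
        raise ValueError(f"legacy systems-<infrastructure> pattern: {email}")
    if not MIN_LEN <= len(email) <= MAX_LEN:
        raise ValueError(f"length {len(email)} not in {MIN_LEN}..{MAX_LEN}: {email}")
    match = SCHEME.match(email)
    if match is None:
        raise ValueError(f"not infra.<kind>+<qualifier>.<revision>@{DOMAIN}: {email}")
    if match["kind"] not in KINDS:
        raise ValueError(f"no base group infra.{match['kind']}@{DOMAIN}")
    return match.groupdict()


def compose_account_email(kind: str, qualifier: str, revision: int) -> str:
    """Build the sub-address for a new account and validate it before use."""
    email = f"infra.{kind}+{qualifier}.{revision:03d}@{DOMAIN}"
    validate_account_email(email)
    return email


def is_valid_account_email(email: str) -> bool:
    """Boolean form of validate_account_email for quick checks."""
    try:
        validate_account_email(email)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    for candidate in ("infra.nonprod+amm.023@arda.cards",
                      "systems-amm@arda.cards"):  # second one is the legacy form
        print(candidate, "->", "ok" if is_valid_account_email(candidate) else "rejected")
```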

  1. Log into the Google Admin Console.
  2. Navigate to Directory → Groups.
  3. Click Create Group and fill in:
    • Group Name: Infrastructure <kind> (e.g., Infrastructure NonProd)
    • Group Email: infra.<kind>@arda.cards (e.g., infra.nonprod@arda.cards)
    • Group Owners: Copy from systems@arda.cards group.
    • In permissions, disable Allow external members.

3. Log In to AWS as the Root User

  1. Go to the AWS Root Login page.
  2. Select Root User and enter credentials (or use 1Password to fill them in).
  3. Navigate to AWS Organizations (search for “Organizations” in the search bar).

Note: If the login process shows an error, refresh the page or click Sign In again.

4. Create the Account in the Appropriate OU

  1. In AWS Organizations, select the Organizational Unit matching the Infrastructure type.
  2. Click Add an AWS account (top right, orange button).
  3. Select Create an AWS account and fill in:
    • AWS account name: Name of the Infrastructure (e.g., NonProd-amm-023)
    • Email address: The email created in Step 2 (e.g., infra.nonprod+amm.023@arda.cards)
    • IAM role name: Leave as default OrganizationAccountAccessRole
  4. Click Create AWS account.

5. Assign Access in IAM Identity Center

  1. Navigate to IAM Identity Center (search for it; ensure the us-east-2 region is selected).
  2. Go to AWS Accounts in the left menu and select the account you just created.
  3. Click Assign users or groups and select the appropriate groups. Do not assign individual users.
  4. On the next page, select the DevelopmentAdmin permission set.
  5. Review and click Submit.

The account is created and configured for access by the selected groups. For additional permissions or new users, use the IAM Identity Center Groups section or Permission Sets.