Best Practices & architecture choices for Deploying AWS TEAM (Temporary Elevated Access Management)

[mibaraket-git]

Hello Community,

We are currently in the analysis phase for implementing the AWS TEAM (Temporary Elevated Access Management) solution, and we have a few questions regarding best practices and architecture choices. Here are our questions:

1. AWS Amplify vs EC2: Is it more cost-effective and efficient to use AWS Amplify instead of deploying the application on an EC2 instance?

2. TEAM Deployment: Should we deploy AWS TEAM on each individual account or at the organizational level (AWS Organization)?

3. Multi-Organization Support: Does AWS TEAM support multi-organization usage, allowing centralized management across multiple AWS organizations?

4. Single or Multiple URLs: If we deploy AWS TEAM across multiple organizations, will each organization have its own URL, or will there be a single shared URL for all organizations?

Thanks in advance for your insights and suggestions!
@tschia @astrovar @tawoyinfa

[tschia]

Hello, please feel free to reach out to your AWS account team (Account manager, SA, or TAM) and ask them to setup a call with me (Trevor Schiavone). That way we can go over your use case in more detail.

To answer your specific questions:
1/ The application makes use of AWS serverless services (Lambda, S3, DynamoDB) and is currently only intended for deployment via Amplify
2/ It is intended to be deployed at the Organization level in a delegated admin account
3/ It only supports a single organization as it's tied to the Identity Center deployment within that organization.
4/ n/a