Account Ownership Models

When you use Stax to manage your AWS accounts, you can enter into different AWS account ownership models.

Article Tags
On This Page
TermsAccount Ownership MatrixCustomer Owns All AccountsReseller Owns Management Account, Customer Owns Member AccountsReseller Owns All AccountsSee also

Stax supports customers and their resellers in a variety of different account ownership models. The model in use is determined as part of the commercial enablement of a Stax tenancy.

There are different account ownership models enabled by Stax:

  • Customer owns all accounts
  • Reseller owns management (billing) account, customer owns member accounts
  • Reseller owns all accounts

The ownership model is a decision made at the commencement of your Stax agreement and applies to all Stax-managed AWS accounts.

Terms

  • Account Ownership: Account ownership refers to the entity that is responsible for the root user credential for a given AWS account, and therefore, owns the account itself. Certain tasks can only be completed by logging in with the root user credential, and therefore, can only be completed by the account owner (which may be the customer or reseller depending on the model). The entity that owns a given AWS account is ultimately responsible for what is operating within that account as it is bound by the AWS end-user agreement.

  • Email Address Template: When AWS accounts are created by Stax, an email address must be specified for the root user credential. This email address conforms with a defined template.

  • Management Account: This is the AWS account at the top of the AWS Organization. See AWS Organizations terminology and concepts for more.

  • Member Account: A member account is any AWS account that belongs to an AWS Organization. See AWS Organizations terminology and concepts for more.

Account Ownership Matrix

ModelManagement Account OwnerMember Account Owner
Customer owns all accountsCustomerCustomer
Reseller owns management account, customer owns member accountsResellerCustomer
Reseller owns all accountsResellerReseller

Customer Owns All Accounts

In this model, all AWS accounts are owned by the customer. The email address template for management and member accounts uses the customer's email domain, and only the customer can perform root user credential password resets and tasks that require the root user credential.

Reseller Owns Management Account, Customer Owns Member Accounts

In this model, all member accounts are owned by the customer, and the management account is owned by the reseller. The email address template for member accounts uses the customer's email domain, and only the customer can perform root user credential password resets and tasks that require the root user credential for these accounts. The management account is owned and managed by the reseller, and is not accessible by the customer.

Reseller Owns All Accounts

In this model, all AWS accounts are owned by the reseller. Only the reseller can perform root user credential password resets and tasks that require the root user credential.

See also