Creating isolated, clean test environments within AWS


The Goal

We want to work within AWS without the risk of affecting our existing assets. Be it for adding a new user to your team, your own personal development or simply if you want to take a screenshot without exposing all your AWS assets to the world.

1. Create an organisation

Log in to AWS and click your username in the top right corner, then click "My Organization".

If you haven't already got an organisation you can create one here. Leave the default settings in place unless you have specific needs.

2. Add a new user

With an organisation set up, we can now begin adding new accounts. This is where the magic happens; each account you create is effectively a brand new, empty AWS account housed within the parent organisation. The account you were logged into when you created the organisation has admin access over that organisation and the power to add and delete accounts.

All you need to create a new account is a unique email address.

A note for Gmail users

This is where having a Gmail account comes in handy. Gmail give the ability create potentially infinite unique email addresses by appending a "+" and then a word onto your normal email.

For example, if your email is, you can send an email to and the email will end up in your inbox as if the +demo had no been written. This is useful in a variety in situations, but in this case it grants us an infinite number of unique email addresses that we can use. It doesn't have to be +demo, it can be, or whatever you like.

Click the Add Account button.

You can see from the above screenshot that I already have a 2nd demo account created using the +demo suffix to my Gmail account.

Next, click the Create Account option:

Enter an account name and a unique email address; in this case I am going to use another Gmail suffix address:

Finally, you will see your new account appear in the list:

3. Logging in as the new user

To sign in as the new user, simply sign out of you existing account (or open a private window) and enter the email address you used:

Chances are you will have to perform a password reset. Try logging in with your root password; if that fails, perform a password reset request. You will likely want to do this anyway if you plan on sharing this account with someone else.

After resetting your password, you should be able to log in to a completely empty, 100% isolated AWS environment that treats you as a new user.

Despite having many buckets in my main account, the above screenshots shows my new account is completely empty.

4. Billing

You should be aware that any costs incurred from this account will be charged to the account which owns the organisation.