
What is the breakdown of accounts in the Ref Arch?

Answer

A customer asked:

> Do you have one network account, which has all the VPC/DNS rules and infra defined, or do you recommend having separate dev, stage and prod accounts?

- **Security**: For centralized authentication to other accounts, including management of IAM users, groups, and roles.
- **Logs**: A log archive account that contains a central Amazon S3 bucket for storing copies of all AWS CloudTrail and AWS Config log files.
- **Shared**: Shared services account for sharing resources such as Amazon Machine Images (AMIs) and Docker images with other accounts. This account can also be used to provide common infrastructure such as self-hosted CI/CD systems and monitoring systems (e.g. Grafana) with other accounts.
- **Dev**: A dedicated app account for development purposes, intended to isolate early development releases from the rest of your infrastructure.
- **Stage**: A dedicated app account for hosting staging, testing, and/or QA environments.
- **Prod**: A dedicated app account for production deployments, intended for live environments used by customers.
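
One way to check that the app accounts really do authenticate only through the Security account, as an added example that is not part of the original answer or the Ref Arch code. It assumes cross-account access is granted through IAM role trust policies (the page does not spell out the mechanism); the account IDs and policies are constructed placeholders.

```python
import re

SECURITY_ACCOUNT_ID = "111111111111"  # constructed placeholder account ID
ARN_ACCOUNT = re.compile(r"^arn:aws[a-z-]*:(?:iam|sts)::(\d{12}):")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def principal_account(principal):
    """Return the 12-digit account ID behind an AWS principal, or None."""
    if re.fullmatch(r"\d{12}", principal):
        return principal
    match = ARN_ACCOUNT.match(principal)
    return match.group(1) if match else None

def audit_trust_policy(policy, security_account=SECURITY_ACCOUNT_ID):
    """Flag Allow statements that trust AWS principals outside the Security account.

    Service and Federated principals are not examined here.
    """
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        # "Principal": "*" and {"AWS": "*"} both mean any AWS identity.
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        for p in aws:
            if p == "*":
                findings.append("wildcard principal")
            elif principal_account(p) != security_account:
                findings.append(f"untrusted principal: {p}")
    return findings

# Constructed trust policies for a role in an app account (Dev, Stage or Prod).
GOOD_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::111111111111:root"}}]}
BAD_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": ["arn:aws:iam::111111111111:root",
                          "arn:aws:iam::222222222222:user/alice", "*"]}}]}

if __name__ == "__main__":
    print(audit_trust_policy(GOOD_POLICY))
    print(audit_trust_policy(BAD_POLICY))
```

A principal that no longer resolves to an ARN (for example, a deleted user shown as a unique ID) has no recognizable account and is reported as untrusted.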