
PATTERN

Automated account factory

Intent

Fully automate the provisioning of new tenant accounts in a multi-account SaaS architecture, reducing time-to-ready from hours/days to minutes with near-zero incremental cost.

Problem

In account-per-tenant models at scale, manual account creation becomes a bottleneck. Each new tenant needs: account creation, baseline security policies, IAM role bootstrapping, initial infrastructure deployment, and registration with fleet management tools. Done manually, this blocks onboarding and introduces human error.

Solution

A Step Functions state machine in the management account orchestrates the full account lifecycle:

  1. Create account via AWS Organizations API.
  2. Wait for activation (account becomes usable).
  3. Apply baseline SCPs (Service Control Policies) for security guardrails.
  4. Bootstrap cross-account IAM roles for management access.
  5. Trigger initial CloudFormation StackSet deployment (networking, logging, monitoring baseline).
  6. Register as a StackSet target for ongoing fleet updates.
  7. Seed tenant-specific configuration data.
  8. Notify platform tooling that tenant is ready.

Result: <15 minutes from request to ready, at near-zero incremental cost per run.
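The steps above, as an added example that is not part of the original page or of any AWS-provided tooling: a Python module that builds the three artifacts the state machine applies (the baseline SCP from step 3, the cross-account role trust policy from step 4, and the Amazon States Language definition that strings all eight steps together) and checks them before they are pushed. The account id, role name, Lambda ARN prefix and ExternalId value are placeholders, and the ASL definition assumes one Lambda function per step; step 2 is modelled as a poll loop, because `CreateAccount` is asynchronous and the account is only usable once `DescribeCreateAccountStatus` reports `SUCCEEDED`.

```python
import json

# Placeholder identifiers (assumptions, not values from the page).
MANAGEMENT_ACCOUNT_ID = "111111111111"
MANAGEMENT_ROLE_NAME = "OrgManagementAccess"
LAMBDA_ARN_PREFIX = "arn:aws:lambda:us-east-1:111111111111:function:factory-"
SCP_MAX_BYTES = 5120  # AWS Organizations limit on the size of one SCP document


def baseline_scp() -> dict:
    """Step 3 guardrails: the tenant account stays in the organization and cannot
    switch off its own audit trail or threat detection. Only the management role
    bootstrapped in step 4 is exempt from the trail/detector denies."""
    not_management_role = {"ArnNotLike": {
        "aws:PrincipalArn": f"arn:aws:iam::*:role/{MANAGEMENT_ROLE_NAME}"}}
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "DenyLeavingOrg", "Effect": "Deny", "Resource": "*",
         "Action": ["organizations:LeaveOrganization"]},
        {"Sid": "ProtectAuditTrail", "Effect": "Deny", "Resource": "*",
         "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail",
                    "cloudtrail:UpdateTrail"], "Condition": not_management_role},
        {"Sid": "ProtectDetection", "Effect": "Deny", "Resource": "*",
         "Action": ["guardduty:DeleteDetector",
                    "guardduty:DisassociateFromAdministratorAccount"],
         "Condition": not_management_role},
    ]}


def validate_scp(policy: dict) -> list:
    """Checks to run before CreatePolicy/AttachPolicy: the document fits the service
    limit and every statement is an explicit Deny. This baseline is a deny-list, so
    an Allow statement here is a copy/paste error rather than a guardrail."""
    issues = []
    size = len(json.dumps(policy, separators=(",", ":")))
    if size > SCP_MAX_BYTES:
        issues.append(f"policy is {size} bytes, limit is {SCP_MAX_BYTES}")
    for stmt in policy.get("Statement", []):
        sid = stmt.get("Sid", "?")
        if stmt.get("Effect") != "Deny":
            issues.append(f"{sid}: guardrail statements must be Deny")
        if not stmt.get("Action"):
            issues.append(f"{sid}: statement has no Action")
    return issues


def management_role_trust_policy(external_id: str) -> dict:
    """Step 4: trust policy for the role created in each tenant account. Trusting the
    management account is not enough on its own; the sts:ExternalId condition is the
    standard confused-deputy mitigation for roles that are assumed cross-account."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": "sts:AssumeRole",
        "Principal": {"AWS": f"arn:aws:iam::{MANAGEMENT_ACCOUNT_ID}:root"},
        "Condition": {"StringEquals": {"sts:ExternalId": external_id}}}]}


def task(name: str, next_state: str = None, end: bool = False) -> dict:
    """One Lambda-backed Task state with a bounded exponential-backoff retry."""
    state = {"Type": "Task", "Resource": LAMBDA_ARN_PREFIX + name,
             "Retry": [{"ErrorEquals": ["States.TaskFailed"], "IntervalSeconds": 10,
                        "MaxAttempts": 3, "BackoffRate": 2.0}]}
    if end:
        state["End"] = True
    else:
        state["Next"] = next_state
    return state


def account_factory_definition() -> dict:
    """The eight steps as an Amazon States Language definition. Step 2 polls the
    CreateAccount request until it reports SUCCEEDED (continue) or FAILED (stop)."""
    return {"StartAt": "CreateAccount", "States": {
        "CreateAccount": task("CreateAccount", "WaitForActivation"),
        "WaitForActivation": {"Type": "Wait", "Seconds": 30, "Next": "CheckAccountStatus"},
        "CheckAccountStatus": task("CheckAccountStatus", "IsAccountActive"),
        "IsAccountActive": {"Type": "Choice", "Default": "WaitForActivation", "Choices": [
            {"Variable": "$.State", "StringEquals": "SUCCEEDED", "Next": "ApplyBaselineSCPs"},
            {"Variable": "$.State", "StringEquals": "FAILED", "Next": "AccountCreationFailed"}]},
        "AccountCreationFailed": {"Type": "Fail", "Error": "AccountCreationFailed"},
        "ApplyBaselineSCPs": task("ApplyBaselineSCPs", "BootstrapIamRoles"),
        "BootstrapIamRoles": task("BootstrapIamRoles", "DeployBaselineStackSet"),
        "DeployBaselineStackSet": task("DeployBaselineStackSet", "RegisterStackSetTarget"),
        "RegisterStackSetTarget": task("RegisterStackSetTarget", "SeedTenantConfig"),
        "SeedTenantConfig": task("SeedTenantConfig", "NotifyTenantReady"),
        "NotifyTenantReady": task("NotifyTenantReady", end=True),
    }}


def validate_definition(defn: dict) -> list:
    """Structural checks: StartAt names a state, every transition targets a defined
    state, and every state is reachable (an orphaned step silently skips baseline)."""
    states, issues = defn["States"], []
    if defn.get("StartAt") not in states:
        issues.append("StartAt does not name a state")
    reachable, frontier = set(), [s for s in [defn.get("StartAt")] if s]
    while frontier:
        name = frontier.pop()
        if name in reachable:
            continue
        reachable.add(name)
        state = states.get(name)
        if state is None:
            issues.append(f"transition to undefined state {name!r}")
            continue
        targets = [state.get("Next"), state.get("Default")]
        targets += [c.get("Next") for c in state.get("Choices", [])]
        frontier += [t for t in targets if t]
    issues += [f"state {n!r} is unreachable" for n in states if n not in reachable]
    return issues


if __name__ == "__main__":
    print(json.dumps(account_factory_definition(), indent=2))
```

Running the module prints the state machine definition; the validators are the part a factory should wire into its own pipeline, so that a mistyped `Next` or an accidental `Allow` in the guardrail policy fails the deployment instead of producing a tenant account with a partial baseline.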

When to use

  • Account-per-tenant SaaS platforms expecting continuous tenant growth.
  • Environments requiring consistent baseline security/compliance across all accounts.
  • Platforms where manual provisioning has become a scalability bottleneck.
