Skip to main content

Account Ownership Models

When you use Stax to manage your AWS accounts, you have the option to enter into either a direct relationship with AWS, or a resold relationship whereby Stax works with your reseller to issue you invoices for AWS consumption. The model in use is determined as part of the commercial enablement of a Stax tenancy.

There are different account ownership models enabled by Stax:

  • Direct

  • Resold

The ownership model is a decision made at the commencement of your Stax agreement and applies to all Stax-managed AWS accounts.

Terms

  • Account Ownership: Account ownership refers to the entity that is responsible for the root user credential for a given AWS account, and therefore, owns the account itself. Certain tasks can only be completed by logging in with the root user credential, and therefore, can only be completed by the account owner (which may be the customer or reseller depending on the model). The entity that owns a given AWS account is ultimately responsible for what is operating within that account as it is bound by the AWS end-user agreement

  • Email Address Template: When AWS accounts are created by Stax, an email address must be specified for the root user credential. This email address conforms with a defined template.

  • Management Account: This is the AWS account at the top of the AWS Organization. See Accounts and AWS Organizations terminology and concepts for more.

  • Member Account: A member account is any AWS account that belongs to an AWS Organization. See AWS Organizations terminology and concepts for more.

Account Ownership Matrix

ModelManagement Account OwnerMember Account Owner
DirectCustomerCustomer
ResoldResellerCustomer

Direct

In this model, all AWS accounts are owned by the customer. The email address template for management and member accounts uses the customer's email domain, and only the customer can perform root user credential password resets and tasks that require the root user credential.

This model allows AWS accounts to be created either within Stax using the Console, API, or SDK, or using native AWS APIs and capabilities.

Resold

In this model, all member accounts are owned by the customer, and the management account is owned by the reseller. The email address template for member accounts uses the customer's email domain, and only the customer can perform root user credential password resets and tasks that require the root user credential for these accounts. The management account is owned and managed by the reseller, and the customer has limited access to this account.

This model requires that AWS accounts are created within Stax using the Console, API, or SDK.