Migration of Shared Payer to Dedicated Payer

SoftwareOne is an AWS Premier Partner & AWS MSP Partner and as such, are mandated to ensure our customers meet ongoing changes to AWS guidelines, policies and best practices. According to our records, you have one or more AWS accounts under what is referred to as a ‘Shared Payer’ model. This model is less flexible for you as a customer, has limitations in being able to meet the latest iteration of AWS requirements and restricts enhanced and automated processing of your AWS consumption invoices. As a result, SoftwareOne has initiated a project to convert all Shared Payer accounts to Dedicated Payer accounts, which remove these limitations and provide you with significantly more flexibility, functionality and control.

FAQs

What are the differences between a Shared Payer and a Dedicated Payer?

Shared Payer Model:

In the Shared Payer model, as your Service Provider, the Management Account is managed by SoftwareOne.

Multiple linked accounts are securely segregated and assigned to different customers.
Suitable for small customers with 1 or 2 accounts and limited needs for centralised management and security standards (such as CIS, PCI, HIPAA, etc).
Commonly used by customers who may have adopted a legacy method of workload separation (e.g. VPC per workload).

Dedicated Payer Model:

In the Dedicated Payer Model, the Management Account still managed by SoftwareOne, but dedicated to a single customer.

This model allows centralised management of workloads spread across multiple linked accounts.
The customer has their own dedicated AWS Organization, allowing for greater granularity and security of workloads, including the ability to utilise AWS Control Tower.
The customer has administrative access to management controls, including creating new accounts, defining centralised networks, implementing security standards, and managing costs centrally.

What’s the benefit of a dedicated payer?

Enhanced Control and Flexibility:

With Dedicated Payer accounts, you have administrative control over the management account.
You can create new linked accounts, define centralised networks, and implement security standards according to your specific requirements.
This flexibility allows you to tailor the setup to your organization’s needs.

Centralised Management:

The Dedicated Payer model enables centralised management of workloads across multiple linked accounts, according to modern AWS best practices.
You can efficiently manage resources, monitor usage, and enforce consistent policies.
This centralised approach simplifies administrative tasks and scalability of your solutions.

Improved Security and Compliance:

By having a dedicated management account, you can implement security standards (such as CIS, PCI, and HIPAA) consistently across all linked accounts.
Compliance requirements can be met more effectively, ensuring a secure environment for your workloads.
Provides the ability to improve security via workload segregation.

Cost Optimisation:

Centralised cost management allows you to monitor spending, optimise resource allocation, and identify cost-saving opportunities.
There may be a small financial impact in support fees; customers tell us that the cumulative benefits significantly outweigh the negligible costs.

Scalability and Workload Isolation:

As your organization grows, the Dedicated Payer model scales seamlessly to your requirements.
Workloads can be isolated within individual linked accounts, preventing interference between different projects or teams, providing more granular access and reporting.

Control Tower:

AWS Control Tower simplifies the process of setting up and governing a secure, multi-account AWS environment, enabling organizations to achieve operational excellence while maintaining security and compliance.
AWS Control Tower (or any other common landing zone pattern) is not available in Shared Payer model.

Is there a financial impact?

The addition of a Dedicated payer account will have near zero financial impact. As per AWS Well-Architected best practices, no workloads should be provisioned in the management payer account.

Will there be any change in the SoftwareOne service?

No, the scope or pricing of the service will not change. However, SoftwareOne is now able to perform billing automation, which should result in quicker processing time for your invoices. Furthermore, SoftwareOne will enable spend anomaly detection on all your accounts. This feature will inform you when malicious or abnormal spending is detected in any of your accounts, reducing the risk, impact and cost of unplanned spend and potential security breaches by bad actors.

Why wasn’t I onboarded to a dedicated payer initially?

AWS has historically recommended Shared Payers for AWS customers who have low spend, or don’t require enhanced features; those who could benefit from a shared support contract, or prefer the solution provider to manage the management account. Shared Payers are still supported by AWS directly; however, the new AWS partner requirements do not permit SoftwareOne to continue with the legacy Shared Payer model.

Is there any action required from me?

If the root account alias of your AWS Accounts is @SoftwareOne.com, no customer actions are required. AWS Accounts where the root account is under your own alias will receive an invite to this alias to join a new AWS master payer. You will be informed by SoftwareOne’s project manager when this invite is sent.

Will there be any interruption of my AWS resources when moving to a dedicated payer?

No, the transition is limited to an administrative change and will not impact your workloads.

What if I don’t want to transfer to a dedicated payer?

The AWS MSP programme mandates that SoftwareOne cannot retain customers under the Shared Payer model. If you choose not to transfer to a Dedicated Payer, SoftwareOne will proceed with terminating the Simple for AWS contract and assist you in transitioning back to your company credit card.