AWS Account Resale Models - ECAM vs SPAM
The AWS Solution Provider Program, which is designed for AWS Partners to resell AWS services, has two resale models; through them AWS dictates how a solution provider can engage and contract with its end customers:
In both resale models, the provider must hold ownership of the master AWS account (payer account). As per the Solution Provider Program model and in line with other partners, SoftwareOne is responsible for the payment of all AWS invoices. The customer is responsible for payment of SoftwareOne invoices. As SoftwareOne owns the legal relationship with AWS, SoftwareOne requires ownership of the root account.
More information on how we protect the customer's root account can be found here.
End Customer Account Model (ECAM)
SoftwareOne owns the root user of the master AWS account (payer account) and the Multi-Factor Authentication (MFA) credentials.
The customer owns the linked AWS accounts and is responsible for protecting the linked accounts with MFA and ensuring that the MFA credentials are stored securely.
Customers may have administrative access (IAM Users or IAM Roles), with some limitations, to the master AWS account (payer account).
90% of all reported security incidents on AWS involved customers who had not enabled MFA on their linked accounts, or a single person who could access both root and MFA at the same time.
source: security report published by AWS in 2020
Risks for the customer with ECAM
Root account security for the linked accounts is the customer's responsibility
The customer is accountable for handling with AWS any malicious spend generated by internal or external bad actors
NO ACCOUNT ACCESS RECOVERY option if access to the linked account(s) is locked
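The first ECAM risk above is that nobody but the customer checks whether root MFA is actually enabled on each linked account. The following added example (not SoftwareOne's or AWS's own tooling) is a small offline audit over IAM credential reports, the CSV that `aws iam get-credential-report` returns for an account, in which the root user appears as `<root_account>`; the two reports embedded here are constructed sample data with an abbreviated column set, and collecting real reports from each linked account is assumed to happen outside this snippet.

```python
import csv
import io

# Constructed sample IAM credential reports, one per linked account, keyed by
# account ID. Only the columns this check reads are included; real reports
# carry more. The root row is always named `<root_account>`.
SAMPLE_REPORTS = {
    "111111111111": (
        "user,arn,mfa_active,access_key_1_active,access_key_2_active\n"
        "<root_account>,arn:aws:iam::111111111111:root,true,false,false\n"
        "alice,arn:aws:iam::111111111111:user/alice,true,true,false\n"
    ),
    "222222222222": (
        "user,arn,mfa_active,access_key_1_active,access_key_2_active\n"
        "<root_account>,arn:aws:iam::222222222222:root,false,true,false\n"
        "bob,arn:aws:iam::222222222222:user/bob,false,true,false\n"
    ),
}


def root_findings(account_id, report_csv):
    """Return findings for the root user of one account's credential report."""
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["user"] != "<root_account>":
            continue
        # Root without MFA is the condition the ECAM risk list warns about.
        if row["mfa_active"].lower() != "true":
            findings.append(f"{account_id}: root user has no MFA enabled")
        # Root should never hold long-lived access keys; flag any active one.
        if "true" in (row["access_key_1_active"].lower(),
                      row["access_key_2_active"].lower()):
            findings.append(f"{account_id}: root user has an active access key")
    return findings


def audit_linked_accounts(reports):
    """Aggregate root-user findings across all linked accounts."""
    findings = []
    for account_id, report_csv in reports.items():
        findings.extend(root_findings(account_id, report_csv))
    return findings


if __name__ == "__main__":
    for finding in audit_linked_accounts(SAMPLE_REPORTS):
        print(finding)
```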
Solution Provider Account Model (SPAM)
SoftwareOne owns the root user of the master AWS account (payer account) and of the linked accounts, including the Multi-Factor Authentication (MFA) credentials.
Customers may have administrative access (IAM Users or IAM Roles), with some limitations, to the master AWS account (payer account). Customers have full administrative access to the linked accounts.
SPAM is our recommended model
SoftwareOne will protect all accounts with MFA following the industry-recognised four-eyes principle.
Benefits for the customer
SoftwareOne has secure access to provide support through Professional and Managed Services
Root account security is managed by SoftwareOne according to the industry-recognised four-eyes principle.
Fast account access recovery if access to the linked account(s) is locked
SoftwareOne will assist the customer in working with AWS to resolve spend anomaly issues generated by internal or external bad actors