Example: Modeling a multi-account application

This example shows how to model a large e-commerce platform with 30 services across 10 accounts in Next generation Resilience Hub.

To model a multi-account application

Create the system in a central account.

Start by creating a single system that represents the entire e-commerce platform. Create the system in your central governance account and enable cross-account sharing:
```
aws resiliencehubv2 create-system \
  --name "acme-ecommerce" \
  --description "Acme Corp e-commerce platform" \
  --sharing-enabled
   
```

Create services in their respective accounts.

Each team creates their service in their own account, referencing the central system ARN:



# In account A (auth team)
aws resiliencehubv2 create-service \
  --name "auth-service" \
  --regions '["us-east-1", "us-west-2"]' \
  --permission-model '{"invokerRoleName": "AWSResilienceHubAssessmentRole"}' \
  --associated-systems '[{"systemArn": "arn:aws:resiliencehub:us-east-1:111111111111:system/acme-ecommerce:abc123"}]'

# In account B (checkout team)
aws resiliencehubv2 create-service \
  --name "checkout-service" \
  --regions '["us-east-1", "us-west-2"]' \
  --permission-model '{"invokerRoleName": "AWSResilienceHubAssessmentRole"}' \
  --associated-systems '[{"systemArn": "arn:aws:resiliencehub:us-east-1:111111111111:system/acme-ecommerce:abc123"}]'

Add input sources to each service.

Each team adds their resource discovery configuration:



# Auth team adds their CloudFormation stack
aws resiliencehubv2 create-input-source \
  --service-arn "arn:aws:resiliencehub:us-east-1:222222222222:service/auth-service:def456" \
  --resource-configuration '{"cfnStackArn": "arn:aws:cloudformation:us-east-1:222222222222:stack/auth-prod/..."}'

# Checkout team adds their EKS cluster
aws resiliencehubv2 create-input-source \
  --service-arn "arn:aws:resiliencehub:us-east-1:333333333333:service/checkout-service:ghi789" \
  --resource-configuration '{"eks": {"clusterArn": "arn:aws:eks:us-east-1:333333333333:cluster/checkout-cluster", "namespaces": ["checkout"]}}'

Define user journeys.

Create user journeys in the central account that group services by business capability:



aws resiliencehubv2 create-user-journey \
  --system-arn "arn:aws:resiliencehub:us-east-1:111111111111:system/acme-ecommerce:abc123" \
  --name "Path to purchase" \
  --description "Customer browses, adds to cart, and completes checkout"

Apply a resilience policy.

Create a policy and associate it with services:



# Create a policy
aws resiliencehubv2 create-policy \
  --name "mission-critical" \
  --availability-slo '{"target": 99.99}' \
  --multi-az '{"rtoInMinutes": 5, "rpoInMinutes": 1, "disasterRecoveryApproach": "ACTIVE_ACTIVE"}' \
  --multi-region '{"rtoInMinutes": 30, "rpoInMinutes": 5, "disasterRecoveryApproach": "WARM_STANDBY"}'

# Associate with a service
aws resiliencehubv2 update-service \
  --service-arn "arn:aws:resiliencehub:us-east-1:333333333333:service/checkout-service:ghi789" \
  --policy-arn "arn:aws:resiliencehub:us-east-1:111111111111:policy/mission-critical:xyz"

Run assessments.

Start a failure mode assessment on each service to identify resilience gaps:



aws resiliencehubv2 start-failure-mode-assessment \
  --service-arn "arn:aws:resiliencehub:us-east-1:333333333333:service/checkout-service:ghi789"

Services can be added incrementally – start with the most critical services and onboard more over time. The system-level view in the console shows all services across accounts in a single canvas.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Viewing service topology

Resilience policies