Managed Savings Pods

Every North AWS member account is physically isolated from all other member accounts, ensuring strict customer-to-customer data separation at the infrastructure level. Each member account is protected by four distinct layers of security controls, including dedicated logging and auditing tailored for that account.

These accounts are monitored continuously for anomalous or extraneous costs that may indicate unexpected behavior. North employs a Control Tower framework to quickly investigate any issues at the account level and, if necessary, can proactively detach and isolate the affected account from your organization to prevent broader risk.

Additionally, customers retain complete authority over their AWS Organization—at any time, you can immediately remove North’s account or any Savings Pod from your Organization. This action instantly revokes all access and ensures you are always in control, especially in emergency situations.

Why member accounts?

North Member Accounts: Maximizing Customer Security & Autonomy

North deploys member accounts within your AWS Organization specifically to manage Savings Plans and Reserved Instances on your behalf. This architecture is designed with customer sovereignty and security as a top priority:

• You Own the Billing Account & Organization: North never takes over your AWS billing account or Organization. You always retain full administrative control and ownership.

• No Exposure to External SCPs (Service Control Policies): North member accounts operate within your Organization but never impose or inherit any Service Control Policies (SCPs) from North, its sub-processors, or other third parties. You are not subject to security policies set by North, its staff, or any outside administrators, your Organization’s security and compliance boundaries remain fully and solely under your control.

• Minimized 3rd Party Risk: By never transferring your root billing account or Organization control to a reseller or external party, you avoid risks associated with potential 3rd party security events or compromises affecting SCP administration. We highly discourage companies from doing so.

• Full Disconnect at Any Time: At any moment, you can remove North’s member accounts from your Organization through native AWS controls. This instantly disconnects North’s access and halts any service operation across your organization—giving you rapid, autonomous control for security, compliance, or business needs.

• Customer-First Approach: North’s model means you are never locked in or made dependent on a North-controlled environment. All privileges remain with your administrators at all times.

This structure ensures your AWS Organization stands independent, secure, and insulated from any external policy risk while benefiting fully from North’s FinOps automation and optimization capabilities.

Frequently Asked Questions

Q: What access do North Savings Pods have in our AWS Organization? A: None. Each pod only has read-only billing permissions for its own account, allowing North to monitor savings and usage. Pods cannot access any other accounts or resources in your AWS Organization.

Q: How are Savings Pods secured? A: Each pod is protected at root with password encryption and MFA. No extra IAM permissions exist, ensuring no unintended access. Activity and spend are strictly monitored—pods act as “dark sites” used only for managing commitments.

Q: What happens to pod costs if a pod leaves our Organization? A: Any North account leaving your org will default to its own AWS payment method for billing. This is AWS standard behavior. More info: AWS account removal docs