Scaling AWS with Guidelines Development:
Strengthening Governance and Security with a Multi-Account Strategy
Date Published:14 JANUARY 2026
- Urgently needed unified rules to support accelerating AWS adoption
- Needed to establish operations design and standardize the AWS environment
- Managed multiple systems under a single AWS account
- On-prem connectivity was not designed to scale as VPC environment expanded
- Established guidelines that adhere to AWS best practices
- Strengthened security and governance by architecting a multi-account environment
- Began account segmentation through coordination with system owners
- Built on-premises connectivity using AWS Transit Gateway
- Grew in-house AWS knowledge and developed in-house operations capability
Known for confectionery products like Alfort and Lumonde, Bourbon Corporation manufactures a wide range of food products. As the company shifted its infrastructure toward Amazon Web Services (AWS), it established AWS guidelines to improve system quality and strengthen security and governance. The team segmented multiple systems that had been running on a single account into a multi-account environment, then added AWS Transit Gateway (TGW) to connect that environment with on-premises servers. We spoke with five members of the Digital Promotion Division about the Classmethod-supported project: Mr. Kondo, Mr. Yamaguchi, Mr. Tsunoda, Mr. Ota, and Mr. Miyazaki.
Preparing for Broader AWS Adoption: Unified Rules and Account Segmentation
Founded in Kashiwazaki, Niigata Prefecture, Bourbon celebrated its 100th anniversary in November 2024. Committed to a “Quality Assurance is Priority One” philosophy, the company produces a diverse lineup that spans biscuits, chocolate, candy, rice crackers, snacks, bean confections, beverages, food products, and frozen desserts.
To reduce the operational burden of maintaining physical server hardware, Bourbon began migrating to the cloud around 2019, with AWS at the center of that shift. A few years in, the number of Amazon EC2 virtual servers had grown to nearly 40 servers, and new operational challenges started to surface.
“The person who originally led our AWS adoption had left the company,” Mr. Yamaguchi said, “and we’d been operating without a dedicated person in charge (PIC) ever since. There were no unified rules, and we fell behind on aligning with AWS best practices, standardizing security guidelines, and establishing proper operations design. As our AWS usage grew, continuing without a structured framework wasn’t sustainable.”
The absence of a dedicated PIC also affected account management. Since adopting AWS, Bourbon had operated on a single account, building multiple systems within the same virtual private cloud (VPC). Production, validation, and development environments all lived in the same AWS account. Multiple users held powerful administrative privileges, raising security and governance risks. On top of that, maintaining cost allocation tags and apportioning AWS charges across departments had become a burden. To address these challenges, the team moved to implement account segmentation aligned with AWS best practices.
Mr. Yamaguchi said, “In anticipation of growing AWS usage, we moved to standardize internal rules and deploy a multi-account environment to resolve these underlying issues.”
Assembling a Cross-Functional Dedicated Project Team to Develop AWS Guidelines
To develop the guidelines and execute the account segmentation, Bourbon turned to Classmethod, their existing provider for “Classmethod Members” billing services. Building on this established relationship and Classmethod’s proven track record, the team requested their technical support for the project.
“Classmethod was already well-versed in our AWS environment through their previous work on our data analysis platforms, technical inquiry response and in-house development support,” Mr. Yamaguchi noted. “From a technical perspective, they have a large number of certified professionals and hold the highest number of AWS All Certifications among AWS Partners in Japan, making them a vendor we could rely on.”
The project kicked off in April 2024, with guidelines development running through September. Classmethod provided a sample and draft version of the guidelines, which the team used as a starting point. The project involved weekly workshops to review draft topics including account design, network design, identity management, and security settings. By integrating the company’s internal approval processes and existing rules, the team ensured the final version was tailored to Bourbon’s specific operational needs.
One distinctive aspect of the project was how the team recruited members cross-functionally, actively encouraging new graduates and AWS beginners to participate.
“Because we were fundamentally rethinking and rebuilding our AWS foundation, it was an ideal opportunity for members to learn the basics,” Mr. Yamaguchi said. “We brought in three new graduates as part of their training and formed an eight-person dedicated project team that included experienced engineers.”
Mr. Tsunoda, who held several AWS certifications but lacked hands-on experience, described his experience: “I focused on absorbing the technical knowledge during the guidelines development phase and used the workshops to resolve questions as they arose. Classmethod’s engineers fostered an environment where it was easy to ask questions, which helped me stay fully engaged in the project.”
“AWS was completely new to me,” Mr. Miyazaki said. “I was looking up terms constantly. But Classmethod’s engineers explained things in a way I could follow, and I managed to keep up with the senior members.”
Architecting a Multi-Account Environment Based on the AWS Guidelines
Starting in September 2024, the team initiated account segmentation based on the newly established guidelines. They implemented a multi-account environment using AWS Organizations and AWS Control Tower, managing accounts through dedicated Organizational Units (OUs) for security, infrastructure, and workloads. The infrastructure and workload OUs were further categorized into development, validation, and production environments, with Service Control Policies (SCPs) applied to restrict and govern usage within each.
“Because we aimed to build in-house technical expertise, we took a hands-on approach to the configuration,” noted Mr. Yamaguchi. “With Classmethod providing a structured list of required tasks, our members selected their own assignments on a volunteer basis. This led to the successful setup of over a dozen features, such as enabling AWS Control Tower and organizing the OU structure.”
Mr. Ota, who joined the project in his second year with the company with no prior AWS development experience, described the process: “Classmethod provided a clear configuration runbook complete with screenshots, which allowed me to complete the setup without any issues. Gaining hands-on experience with AWS served as a significant opportunity for my professional growth.”
“Even when I hit a wall or didn’t understand something,” Mr. Tsunoda said, “I could ask Classmethod’s engineers through Backlog and get a precise answer. That deepened my understanding of AWS features.”
With the multi-account environment complete, the team turned to migrating systems still running on the single account.
“We are currently organizing our EC2 instances, setting priorities, and coordinating with system owners regarding their migration,” explained Mr. Yamaguchi. “New and replacement systems are already being assigned to accounts under AWS Organizations, and the number of managed systems continues to grow steadily.”
Building an AWS Transit Gateway Environment to Connect Multiple VPCs with On-Premises Systems
From August to September 2025, after completing the multi-account environment, the team added TGW as a central routing hub to interconnect VPCs with the on-premises network.
“We had originally connected our VPCs via AWS Direct Connect Gateway as an interim measure,” noted Mr. Kondo. “However, since there is a fixed limit on the number of virtual private gateways that can be attached, we realized our growing number of VPCs would soon reach that threshold. We decided to build a TGW environment to provide a more scalable foundation for the future.”
With Bourbon’s company-wide SASE rollout as a prerequisite, the team engaged Classmethod to handle the TGW architecture design, AWS environment design and construction, and technical support. Following the environment setup, Bourbon’s own engineers used the configuration runbook prepared by Classmethod to connect the AWS environment with SASE internally. The result was a connected environment linking multiple VPCs with on-premises core systems.
A Solid Foundation for Accelerating AWS Adoption
With the project complete, the team views the newly established foundation as a pivotal outcome.
“Our operations now run consistently because they are governed by guidelines tailored to our specific company rules,” Mr. Yamaguchi said. “The transition to a multi-account architecture has strengthened our governance and security, allowing us to provision new AWS accounts with complete confidence.”
The project also built internal expertise and deepened their understanding of AWS. This experience allowed younger members to develop their skills, ultimately strengthening the division’s overall capacity for development and operations.
“Developing guidelines from scratch was unlike anything we’d done before,” Mr. Kondo said. “The team gained significant insights while studying throughout the process, and the resulting value to the organization has been substantial.”
The team valued Classmethod’s professionalism throughout the engagement.
“Classmethod’s engineers demonstrated exceptional expertise, providing immediate answers to nearly every technical question we raised,” Mr. Yamaguchi said. “Whenever a complex issue required further research, they followed up promptly. During the guidelines phase in particular, they identified critical points we had overlooked and provided very clear, actionable advice.”
“The project remained on schedule with no delays thanks to their rigorous management,” Mr. Kondo added. “This level of organization reinforced our impression of their high professional standards.”
Mr. Miyazaki described how the undertaking affected him personally: “Coming to AWS as a beginner, I was deeply impressed by the Classmethod engineers. Aspiring to reach their professional standard became my motivation to learn, and I am thankful that the project gave me such a clear goal.”
Scaling AWS Through Governance Guidelines
The immediate priority is to migrate existing systems from the single account into the multi-account environment to complete the account segmentation process. Additionally, the team plans to formalize the use of opswitch, Classmethod’s operations automation tool, and establish a structure where all members of the System Administration Section share management responsibilities.
Beyond AWS, Bourbon’s use of other cloud services is expanding. The company is considering scaling the guidelines development approach to those platforms as well. Looking further ahead, the team has in-house development of a meeting minutes application using Amazon Bedrock and the use of AI agents on its radar.
“There is no doubt that cloud adoption will continue to expand,” Mr. Kondo said. “As SASE grows alongside it as our network backbone, we will continue to refine our environment and operational structure to leverage the full potential of both. We look forward to Classmethod’s continued support throughout this journey.”
Guided by its corporate motto, “Great taste. Made with love. Always.”, Bourbon continues to deliver smiles through its products. Classmethod remains committed to supporting Bourbon’s stable system operations and providing solutions that respond to the company’s changing needs.