The Challenge

AWS customers often operate their business across multiple AWS accounts. This makes sense from an operational perspective to reduce blast radius, making fine-grained access control easier, separating costs, etc. However, customers needed a way to share their directory infrastructure across all those accounts as a directory is the central resource for access control.

The Requirements

The experience needed to enable you to share a directory with an AWS account inside your AWS Organization or any arbitrary AWS account. The process needed to consider sharing your directory might be performed by a single person signing into multiple AWS accounts or distinct AWS account operators. It needed to be a safe and clear process to accept a directory share and the accepting party needed to clearly understand that charges might be incurred.

The Process

We had a limited amount of time to deliver the designs, but also wanted to make sure to take time to test with users. We had a slow week in early December where several of the stakeholders could spare the entire week to work on the designs. Given these conditions I decided to run a design sprint with the team to accelerate the design process. I followed the process defined by Jake Knapp in his book Design Sprint. The working group consisted of a PM, lead engineer, software development manager, UX designer, and myself.

I led the team to discuss and align on the requirements and goals of the project. We defined sprint questions, project risks, how-might-we questions, and made a map of how a customer would use the feature.

I then led the team to look for inspiration in diverse places, capture their ideas, then bring them together to form more complete workflows for the process.

We sorted through the team’s ideas, aligned on the most promising ones, then built a prototype to test with. I facilitated the testing sessions with 4 remote participants. We used a “fake” blog post to introduce the concepts to the test participant to gauge their understanding of the feature then had them click through an Invision prototype and give us feedback on the process.

The Solution

We added a new “Shared directories” section to the details page and a new primary nav items “Directories shared with me”.

The workflow to share a directory within your AWS Organization is shown below.

The handshake screen to accept a directory being shared with you. Given that accepting the directory share would incur charges, the terms and a checkbox to confirm were explicitly laid out.

The feature shipped successfully and is now in use by many AWS Directory Service customers.