Organizations

A tool to manage multiple AWS accounts efficiently, mainly for larger businesses.
Reduces costs and administrative overhead.
🌳 Structure of AWS Organizations
Hierarchical structure like an inverted tree.
Root (top-level container) holds:
AWS accounts (management & member accounts).
Organizational Units (OUs) – sub-containers within the root.
OUs can contain:
Other AWS accounts.
Nested OUs (multi-level hierarchy).
💳 Billing
Consolidated Billing:
One single monthly bill for the entire organization.
All costs are consolidated under the management account.
Greatly reduces financial admin for large companies.

🛡️ Security & Control
Service Control Policies (SCPs):
Set the maximum permissions available to member accounts (a permission boundary); an SCP never grants permissions by itself, and the management account is not restricted by SCPs.
Apply at the OU or account level.
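The evaluation rule behind SCPs, as an added toy model (not an AWS tool and not from the original notes): an action is permitted in a member account only if every level on the path from the root down to the account allows it and no SCP at any level denies it, and an IAM Allow inside the account only takes effect within that boundary. The policies, OU layout and action names used as inputs are constructed for the example; Resource and Condition elements are ignored.

```python
"""Toy model of SCP evaluation (added example, not an AWS-provided tool)."""
from fnmatch import fnmatchcase

# The default SCP AWS attaches everywhere: allow everything.
FULL_AWS_ACCESS = {"Statement": [{"Effect": "Allow", "Action": "*"}]}

# Constructed: actions a member account should never take on its own,
# no matter what IAM policies inside the account allow.
DENY_ESCAPE_HATCHES = {"Statement": [{"Effect": "Deny", "Action": [
    "organizations:LeaveOrganization", "cloudtrail:StopLogging"]}]}

# Constructed: allow-list SCP for a sandbox OU (only these services).
SANDBOX_ALLOWLIST = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:*", "ec2:Describe*"]}]}


def _matches(statement, action):
    """True if the statement's Action (string or list, with wildcards) covers the action."""
    actions = statement["Action"]
    if isinstance(actions, str):
        actions = [actions]
    return any(fnmatchcase(action, pattern) for pattern in actions)


def level_allows(scps, action):
    """One level (root, OU or account) allows an action only if some SCP
    attached there allows it and none attached there denies it.
    A level with only Deny-style SCPs attached therefore allows nothing."""
    allowed = denied = False
    for scp in scps:
        for statement in scp["Statement"]:
            if _matches(statement, action):
                if statement["Effect"] == "Deny":
                    denied = True
                else:
                    allowed = True
    return allowed and not denied


def scp_permits(path, action):
    """path: list of SCP lists ordered root -> OU(s) -> account.
    The effective boundary is the intersection of all levels."""
    return all(level_allows(level, action) for level in path)


def effective(iam_allows, path, action):
    """An IAM Allow inside the account only works inside the SCP boundary;
    an SCP Allow with no IAM Allow grants nothing."""
    return iam_allows and scp_permits(path, action)
```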
🔄 Account Management
You can:
Invite existing AWS accounts.
Create new accounts directly in the organization (requires only a unique email).
No need for an invite process if the account is created directly.

🔐 Identity & Access Management
Avoid IAM users in every account.
Use IAM roles to allow access across accounts.
Use identity federation with on-premises systems:
Use a central identity account.
Authenticate once, then switch roles to other member accounts.
