Organizations

  • A tool to manage multiple AWS accounts efficiently, mainly for larger businesses.

  • Reduces costs and administrative overhead.

🌳 Structure of AWS Organizations

  • Hierarchical structure like an inverted tree.

  • Root (top-level container) holds:

    • AWS accounts (management & member accounts).

    • Organizational Units (OUs) – sub-containers within the root.

  • OUs can contain:

    • Other AWS accounts.

    • Nested OUs (multi-level hierarchy).

💳 Billing

  • Consolidated Billing:

    • One single monthly bill for the entire organization.

    • All costs are consolidated under the management account.

    • Greatly reduces financial admin for large companies.

🛡️ Security & Control

  • Service Control Policies (SCPs):

    • Set the maximum permissions available to member accounts (guardrails that cap, but never grant, what IAM policies inside an account can allow).

    • Apply at the OU or account level.
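The Python below is an added example (my own toy model, not AWS code or anything from these notes) that ties the tree structure above to SCP evaluation: an action must pass the SCPs attached at every level from the account up to the root, a Deny at any level wins, SCPs never grant anything on their own, and the management account is exempt. The policy documents, account IDs and OU names are constructed placeholders, and only `service:Action` wildcard matching is modelled (Resource and Condition elements are ignored).

```python
"""Toy model of how Service Control Policies combine with IAM in a member account.

Added illustration, not AWS code. It applies these documented rules in simplified form:
  * SCPs never grant permissions; they only cap what IAM policies inside the account can allow.
  * An action must be allowed by the SCPs at every level from the root down to the account
    (root -> OU -> nested OU -> account). A Deny at any level wins.
  * The management account is not restricted by SCPs.
Matching is on "service:Action" wildcards only; Resource and Condition elements are ignored.
"""
from fnmatch import fnmatchcase

# Constructed sample policies in the SCP JSON shape.
FULL_AWS_ACCESS = {  # the default SCP attached to every root, OU and account
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}
AUDIT_GUARDRAIL = {  # deny-list SCP: member accounts cannot disable logging or leave the org
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Deny",
        "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail",
                   "organizations:LeaveOrganization"],
        "Resource": "*",
    }],
}
SANDBOX_ALLOWLIST = {  # allow-list SCP: used instead of FullAWSAccess on a sandbox OU
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["ec2:*", "s3:*", "cloudtrail:*"],
                   "Resource": "*"}],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _level_allows(policies, action):
    """Combine every SCP attached at one node: explicit Deny wins, else an Allow is required."""
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if any(fnmatchcase(action, p) for p in _as_list(stmt["Action"])):
                if stmt["Effect"] == "Deny":
                    return False
                allowed = True
    return allowed


class Organization:
    """Inverted tree: the root holds OUs and accounts; OUs hold nested OUs and accounts."""

    def __init__(self, management_account):
        self.management_account = management_account
        self.parent = {"root": None}
        self.policies = {"root": [FULL_AWS_ACCESS]}

    def add_node(self, name, parent, policies=None):
        """Attach an OU or an account under `parent`; FullAWSAccess is attached by default."""
        self.parent[name] = parent
        self.policies[name] = list(policies) if policies is not None else [FULL_AWS_ACCESS]

    def scp_allows(self, account_id, action):
        if account_id == self.management_account:
            return True  # SCPs do not apply to the management account
        node = account_id
        while node is not None:  # walk account -> OU chain -> root
            if not _level_allows(self.policies[node], action):
                return False
            node = self.parent[node]
        return True

    def effective_decision(self, account_id, iam_allows, action):
        """The request succeeds only if the SCP chain AND the account's own IAM policies allow it."""
        return iam_allows and self.scp_allows(account_id, action)


def build_sample_org():
    """Constructed organization: account IDs and OU names are placeholders."""
    org = Organization(management_account="111111111111")
    org.add_node("111111111111", "root")
    org.add_node("Workloads", "root", [FULL_AWS_ACCESS, AUDIT_GUARDRAIL])
    org.add_node("Sandbox", "Workloads", [SANDBOX_ALLOWLIST])  # FullAWSAccess detached here
    org.add_node("222222222222", "Workloads")
    org.add_node("333333333333", "Sandbox")
    return org


if __name__ == "__main__":
    org = build_sample_org()
    for account, action in [("222222222222", "cloudtrail:StopLogging"),
                            ("333333333333", "rds:CreateDBInstance"),
                            ("111111111111", "cloudtrail:StopLogging")]:
        print(account, action, "SCP allows:", org.scp_allows(account, action))
```

Two things the walk makes visible: detaching FullAWSAccess from the Sandbox OU turns that OU into an allow-list, so `rds:CreateDBInstance` is denied there even though nothing denies it explicitly, and a sandbox account still cannot stop CloudTrail because the Deny inherited from the Workloads OU wins over the OU's own `cloudtrail:*` allow.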

🔄 Account Management

  • You can:

    • Invite existing AWS accounts.

    • Create new accounts directly in the organization (requires only a unique email).

    • No invite process is needed when the account is created directly.

🔐 Identity & Access Management

  • Avoid IAM users in every account.

  • Use IAM roles to allow access across accounts.

  • Use identity federation with on-premises systems:

    • Use a central identity account.

    • Authenticate once, then switch roles to other member accounts.
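To make the "authenticate once, then switch roles" pattern concrete, here is an added example (my own code, not AWS's and not part of these notes) for the member-account side: a role trust policy that only lets principals from the central identity account assume it under MFA, a review check that flags trust policies which trust principals outside the organization or skip the MFA condition, and the `sts:AssumeRole` call that performs the switch. The account IDs, role name and organization ID are constructed placeholders; `switch_role` assumes boto3 and live credentials and is not run offline.

```python
"""Trust-policy helper and review check for the central-identity-account pattern.

Added example, not AWS code: the account IDs, role name and organization ID are constructed
placeholders. Users authenticate once in the identity account, then assume a role in each member
account; the member account's role trust policy decides who may do that.
"""
import json

IDENTITY_ACCOUNT = "111111111111"                                # constructed: identity account
ORG_ACCOUNTS = {"111111111111", "222222222222", "333333333333"}  # constructed org account IDs
ORG_ID = "o-placeholder"                                         # placeholder organization ID


def _as_list(value):
    return value if isinstance(value, list) else [value]


def member_role_trust_policy(identity_account, require_mfa=True):
    """Trust policy for a role in a member account: only principals from the identity account
    may call sts:AssumeRole, and only in a session where MFA was used."""
    stmt = {
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{identity_account}:root"},
        "Action": "sts:AssumeRole",
    }
    if require_mfa:
        stmt["Condition"] = {"Bool": {"aws:MultiFactorAuthPresent": "true"}}
    return {"Version": "2012-10-17", "Statement": [stmt]}


def trust_policy_findings(policy, org_accounts, org_id=ORG_ID):
    """Flag trust statements that let principals outside the organization, or sessions without
    MFA, assume the role. Returns a list of human-readable findings (empty means clean)."""
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow" or "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            continue
        principal = stmt.get("Principal", {})
        aws_principals = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        cond = stmt.get("Condition", {})
        if "*" in aws_principals:
            # A wildcard principal is only acceptable when scoped to this organization.
            if cond.get("StringEquals", {}).get("aws:PrincipalOrgID") != org_id:
                findings.append("wildcard principal without an aws:PrincipalOrgID condition")
        else:
            for arn in aws_principals:
                account = arn.split(":")[4]  # ARN field 5 is the account ID
                if account not in org_accounts:
                    findings.append(f"trusted principal {arn} is outside the organization")
        if cond.get("Bool", {}).get("aws:MultiFactorAuthPresent") != "true":
            findings.append("no aws:MultiFactorAuthPresent condition on sts:AssumeRole")
    return findings


def switch_role(identity_session, member_account, role_name, mfa_serial=None, mfa_code=None):
    """Assume the member-account role from a session in the identity account and return a new
    session. Needs boto3 and live credentials, so it is not exercised offline."""
    import boto3  # lazy import keeps the policy helpers usable without boto3 installed
    sts = identity_session.client("sts")
    kwargs = {
        "RoleArn": f"arn:aws:iam::{member_account}:role/{role_name}",
        "RoleSessionName": "identity-account-switch",
        "DurationSeconds": 3600,
    }
    if mfa_serial:  # pass the MFA token so the aws:MultiFactorAuthPresent condition is satisfied
        kwargs.update(SerialNumber=mfa_serial, TokenCode=mfa_code)
    creds = sts.assume_role(**kwargs)["Credentials"]
    return boto3.Session(
        aws_access_key_id=creds["AccessKeyId"],
        aws_secret_access_key=creds["SecretAccessKey"],
        aws_session_token=creds["SessionToken"],
    )


if __name__ == "__main__":
    policy = member_role_trust_policy(IDENTITY_ACCOUNT)
    print(json.dumps(policy, indent=2))
    print("findings:", trust_policy_findings(policy, ORG_ACCOUNTS))
```

The review check is the part worth running routinely: with IAM users concentrated in one identity account, every member account's security rests on its role trust policies, so a trust policy that names an account outside the organization, or trusts `*` without an `aws:PrincipalOrgID` condition, is the finding to look for.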
