
Introduction to AWS Organizations

Last Updated : 28 Mar, 2023

AWS Organizations is a free governance tool that lets users create and manage multiple AWS accounts. It lets users manage multiple accounts from a single location or account, rather than switching from one account to another each time. It is a tool for the centralization and governance of all of a user's AWS accounts.

With the help of AWS Organizations, users can create new AWS accounts, link existing accounts, and share resources among the accounts. AWS users can also centralize their logs and set policies on how their AWS accounts will be managed.

An AWS user can assign a single AWS account to hold their logs by integrating with AWS CloudTrail. Billing can easily roll up to a single account for payment for all accounts. Reserved Instances can be shared across multiple accounts. This helps users in paying for the Reserved Instances through a centralized system.

The maximum limit of user accounts under AWS Organizations is 10. This can be changed by contacting AWS Support. Setting up AWS Organizations is free of cost. Users will only be billed for the resources utilized in each account.

Components of AWS Organizations:

  • Management/Master account – This is the master account in AWS Organizations that has all the administrative rights for all accounts under that particular AWS Organization. It is used to centrally manage all accounts and handle the billing and logs of all accounts in the Organization.
  • Member account – The accounts in an AWS Organization other than the Master account are called member accounts. These can be existing accounts or new accounts added to the AWS Organization.
  • Organization Units (OU) – The units in which accounts are grouped are called Organization Units (OUs). Multiple OUs can be created in an Organization, and they can be nested within each other.
  • Policies – AWS Organizations provides various policies that help in restricting or setting boundaries for each account. The most important policy provided is the Service Control Policy (SCP). We’ll discuss this in a little more detail ahead.

AWS Organizations Policies:

  • AI services opt-out policies – If it is enabled, it allows AI services to store and use your content.
  • Backup policies – These are used to enable organization-wide plans for backup to help in compliance. It helps you in maintaining consistency.
  • Service Control Policies – This is the most important policy of AWS Organizations. These help in limiting accounts to the organization’s access control guidelines.
  • Tag policies – These are used to set standards for resources that are tagged in AWS. Users can define the tag keys and their allowed values in this policy.

Service Control Policies (SCP):

Service Control Policies are used with AWS Organizations to create certain policies. An SCP is a document that is used to manage or create permissions or guidelines for users or resources inside your AWS account. It can set limits on what users can do inside an AWS account.

Once implemented, SCPs are applied to each and every resource inside that account. They are the best way to restrict permissions to users or resources. They can also be applied to the Root account. They can be found under AWS Organizations → Policies → Service Control Policies.
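How SCPs set a boundary through nested OUs, as an added example (not code from the original article or from AWS): a simplified model in which an action must be allowed at every level from the root down to the account, and an explicit Deny at any level wins. The OU layout, account names and policy documents are constructed; the model ignores Resource, Condition and NotAction elements and the fact that SCPs do not restrict the management account.

```python
import fnmatch

# Constructed sample SCPs (hypothetical names; not taken from the article).
FULL_ACCESS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}
# Keeps the centralized CloudTrail logs from being switched off.
PROTECT_TRAIL = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny",
     "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail"],
     "Resource": "*"}]}
# Allow-list for the Dev OU: anything not listed is implicitly blocked.
DEV_ALLOW_LIST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:*", "s3:*"], "Resource": "*"}]}

# node -> (parent, SCPs attached directly to that node); layout is hypothetical.
ORG = {
    "Root":         (None,        [FULL_ACCESS, PROTECT_TRAIL]),
    "Workloads":    ("Root",      [FULL_ACCESS]),
    "Dev":          ("Workloads", [DEV_ALLOW_LIST]),
    "dev-account":  ("Dev",       [FULL_ACCESS]),
    "prod-account": ("Workloads", [FULL_ACCESS]),
}

def _matches(statement, action):
    """True if the statement's Action list (with * wildcards) covers action."""
    actions = statement["Action"]
    if isinstance(actions, str):
        actions = [actions]
    return any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in actions)

def scp_permits(account, action):
    """Return (permitted, reason) for an action in a member account."""
    path, node = [], account
    while node is not None:              # walk up: account -> OUs -> Root
        path.append(node)
        node = ORG[node][0]
    for node in reversed(path):          # evaluate from the Root downwards
        hits = [s for policy in ORG[node][1] for s in policy["Statement"]
                if _matches(s, action)]
        if any(s["Effect"] == "Deny" for s in hits):
            return False, f"explicit Deny at {node}"
        if not any(s["Effect"] == "Allow" for s in hits):
            return False, f"no Allow at {node}"
    return True, "allowed at every level"
```

A `True` result only means the SCPs do not block the action; SCPs filter permissions and never grant them, so the calling user or role still needs an IAM policy that allows it.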

AWS Organization Features:

  • Centralized Management: Users can link all accounts into a single organization and centrally manage them. Users can add new or existing accounts in AWS into Organizations.
  • Central billing for all accounts: The billing of each resource utilized in accounts present in AWS Organizations can be done from one master account. This saves a lot of time and effort.
  • Grouping of accounts: Accounts can be grouped in AWS Organizations, either normally or in a hierarchical form. Users can create different Organization Units (OU) with different access levels and can nest OUs inside each other.
  • Policies: Users can set policies in AWS Organizations to set boundaries for each account and restrict their activities according to their role.
  • Integration with IAM service: AWS Organizations can be integrated with AWS Identity and Access Management (IAM) to set up roles for users and accounts.
  • Integration with other AWS services: AWS Organizations can be integrated with other AWS services like AWS Backup, CloudTrail, etc.
  • Free to use: Setting up and using AWS Organization is free of charge. The user is only charged for the resources used by each account.
     
Steps for users to follow for setting up and using AWS Organizations

 

Advantages of Using Organizations

  • Quick Scaling of your environments: Using AWS Organizations, users can quickly scale their environment by adding and grouping new accounts. Users can add new accounts to a group and create fresh ones programmatically, owing to the Organization’s APIs. The new account will instantly be covered by the group’s policies.
  • Grouping accounts: Accounts can be grouped in a systematic and hierarchical way which makes them easy to use.
  • Efficiently provision resources across accounts: Instead of duplicating resources for different accounts, users can share resources between accounts in the Organization by using AWS Resource Access Manager (RAM) with AWS Organizations.
  • Centrally manage and govern multiple accounts: Users can have a master account with admin access and can manage all accounts inside that Organization centrally.
  • Set limits to what users can do using SCPs: The user has the option to set policies in AWS Organizations, which helps in setting boundaries and restricting each account.
  • Manage costs and logs centrally: Billing and logs of each account inside AWS Organizations can be handled centrally and in a consolidated manner.

Use Cases of AWS Organizations:

  1. Grouping various accounts in AWS.
  2. Restricting access to accounts via a single account.
  3. Billing and costs are to be checked and paid via a single account, i.e. centrally.
  4. Share resources between various accounts.
  5. Set up prod or dev or foundation OU accounts.
  6. Set up accounts in a hierarchical or nested manner.

Conclusion:

To conclude, AWS Organizations is a great service provided by AWS to consolidate all your accounts into one place known as an Organization. It helps in using and managing the different accounts, and their costs, from a single place rather than doing it individually. This saves users a lot of time and effort in the management of these multiple accounts. At the start, it might feel a little complex to use, but as the user keeps learning, it helps in saving a lot of time, effort, and money.

