AWS Organizations - Central Management of multiple AWS accounts
Are you looking for a way to centrally manage and govern your multi-account AWS environment without incurring any extra charges? If yes, then you should check out the AWS Organizations service. In this article, we will explore AWS Organizations and the benefits it offers.
AWS Organizations is a service in the Management and Governance category of AWS Cloud that lets you create one organization from many AWS accounts, so you can manage and govern them from a single account, called the management account, and still enjoy the benefits of a multi-account environment. Once you set up an organization, you can either create new accounts under it or invite existing accounts to join it, provided you have root privileges on them. An organization can be created and managed via the AWS console, SDK or AWS CLI.
Key Terms you should know-
Organization – An Organization is a hierarchical collection of AWS accounts which you can govern and manage centrally.
AWS Account – It can be conceptualized as a container for all your AWS cloud resources.
Management Account – It is the AWS account that you used to create your organization. It is also called the master account or administrative account.
Member Account – A member account is an AWS account that is linked to the management account in your organization. The default limit on the number of accounts in an organization is 10; if you need more, you can request an increase through the Service Quotas console.
Organizational unit (OU) – It is a group of AWS accounts within your organization. OUs can be nested in a hierarchy up to five levels deep, though nesting is recommended only if the business use case benefits from it despite the added complexity.
Administrative root – It is the topmost container in your organization hierarchy. It is the starting point in AWS Organizations.
Service Control Policy (SCP) – It is a JSON document that defines which AWS service actions are available for use in the different accounts within an organization. SCPs themselves cannot grant any permission; they only limit the permissions that IAM users and roles in those accounts can use.
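How the SCP rule above plays out across an OU hierarchy, as an added example that is not part of the original article: a simplified Python model in which an action is usable only when the IAM policy grants it and every level on the path (root, OU, account) has an SCP allowing it with no SCP denying it, following AWS's documented SCP evaluation behaviour. The hierarchy, policies and function names are constructed for illustration, and Resource and Condition elements are ignored.

```python
# Added example: simplified model of how SCPs bound IAM permissions.
# Hierarchy, account names and policies are constructed for illustration.
from fnmatch import fnmatchcase

def matches(patterns, action):
    """True if the action matches any pattern ('*' wildcard, case-insensitive)."""
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def scp_permits(path, action):
    """path holds the SCP statements attached at the root, each OU, then the
    account. Every level must allow the action and no level may deny it."""
    for level in path:
        if any(s["Effect"] == "Deny" and matches(s["Action"], action) for s in level):
            return False
        if not any(s["Effect"] == "Allow" and matches(s["Action"], action) for s in level):
            return False
    return True

def effective(iam_allowed, path, action):
    """Usable only if IAM grants it AND the SCPs on the path permit it."""
    return matches(iam_allowed, action) and scp_permits(path, action)

FULL_ACCESS = {"Effect": "Allow", "Action": ["*"]}
GUARDRAIL = {"Effect": "Deny",
             "Action": ["cloudtrail:StopLogging", "organizations:LeaveOrganization"]}
# Constructed path: root -> OU "Workloads" -> member account "dev"
PATH_DEV = [
    [FULL_ACCESS],                 # root
    [FULL_ACCESS, GUARDRAIL],      # OU "Workloads"
    [{"Effect": "Allow", "Action": ["s3:*", "ec2:*", "cloudtrail:*"]}],  # account
]
ADMIN_IAM = ["*"]          # IAM policy that grants every action
READER_IAM = ["s3:Get*"]   # IAM policy that grants S3 reads only

if __name__ == "__main__":
    actions = ("s3:GetObject", "ec2:RunInstances",
               "cloudtrail:StopLogging", "iam:CreateUser")
    for who, iam in (("admin", ADMIN_IAM), ("reader", READER_IAM)):
        for act in actions:
            print(f"{who:6} {act:26} {effective(iam, PATH_DEV, act)}")
```

In this constructed setup the admin identity holds `*` in IAM yet cannot stop CloudTrail logging or create IAM users, while the reader identity gains nothing from the SCPs' broad allows.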
How it works –
Benefits of using AWS Organizations-
- Workloads can be scaled faster.
- Consolidated billing where you can monitor expenses of all accounts on a single dashboard.
- Central resources can be shared across your organization using AWS Resource Access Manager.
- Easy creation of custom environments for different workloads.
- Resource usage is optimized as you can utilize quantity discounts with a single bill.
- Permission management and access control administration are simplified.
- Central Audit of your cloud environment using CloudTrail.