4. AWS Organizations
Documentation
AWS Organizations Documentation
Introduction
You can use AWS Organizations to consolidate and manage multiple AWS accounts within a central location.
High Level use case for AWS Organizations
- Add Accounts
- Group Accounts
- Apply Policies
- Enable AWS Services
Features for AWS Organizations
- Manage your AWS Accounts - accounts are natural boundaries for permissions, security, costs, and workloads.
- Define and manage your organization - tag policies, delegate responsibility.
- Secure and monitor your accounts - centrally provide tools and access for your security team (Amazon GuardDuty, IAM Access Analyzer, Amazon Macie).
- Control access and permissions - IAM Identity Center provides access, Service Control Policies (SCPs) enable you to control access to AWS resources, Chatbot (Slack and Teams) policies can be applied here as well.
- Share resources across accounts - AWS Resource Access Manager (AWS RAM), VPCs, AWS License Manager, AWS Service Catalog
- Audit your environment for compliance - AWS CloudTrail, AWS Config, AWS Backup
- Centrally manage billing and costs - single consolidated bill, tracking using AWS Cost Explorer, optimize using AWS Compute Optimizer
Use Cases for AWS Organizations
- Automate the creation of AWS accounts and categorize workloads - create accounts programmatically and add them to user-defined groups so that security policies can be applied to the group as a whole.
- Define and enforce audit and compliance policies - apply SCPs across accounts, centralize logging with AWS CloudTrail, enforce standard resource configurations with AWS Config, manage backups with AWS Backup, and use AWS Control Tower to apply pre-packaged governance rules.
- Provide tools and access for your Security teams while encouraging development
- Share common resources across accounts
- Share critical central resources across your accounts
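The two points above about Service Control Policies (controlling access to AWS resources, and applying SCPs across accounts for audit and compliance) are easier to reason about with the inheritance rule in front of you: SCPs attached at the root, at each organizational unit on the path, and at the account itself act as filters, and an action passes only if every level grants it and no level explicitly denies it. The following is an added example, not code from this page or from AWS; it is a small offline simulator of that rule. The two policy documents are constructed for illustration (`FULL_AWS_ACCESS` mirrors the shape of the default allow-all SCP, `PROTECT_AUDIT_TOOLING` is a hypothetical guardrail), and the function names `policy_verdict` and `scp_allows` are assumptions of this example.

```python
import fnmatch

# Constructed example: the allow-all SCP that every new organization starts with.
FULL_AWS_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Constructed example: a guardrail SCP for a workloads OU that protects the
# central audit tooling (CloudTrail, Config, GuardDuty) and organization membership.
PROTECT_AUDIT_TOOLING = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyTamperingWithAuditTooling",
            "Effect": "Deny",
            "Action": [
                "cloudtrail:StopLogging",
                "cloudtrail:DeleteTrail",
                "config:StopConfigurationRecorder",
                "config:DeleteConfigurationRecorder",
                "guardduty:DeleteDetector",
            ],
            "Resource": "*",
        },
        {
            "Sid": "DenyLeavingOrganization",
            "Effect": "Deny",
            "Action": "organizations:LeaveOrganization",
            "Resource": "*",
        },
    ],
}


def _as_list(value):
    """IAM lets Action/NotAction be a single string or a list; normalize to a list."""
    return value if isinstance(value, list) else [value]


def _matches(pattern, action):
    """Case-insensitive wildcard match, e.g. 's3:*' matches 's3:GetObject'."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def policy_verdict(policy, action):
    """Evaluate one SCP for one action.

    Returns "Deny" if any Deny statement matches (explicit deny always wins),
    "Allow" if only Allow statements match, or None if nothing matches.
    """
    verdict = None
    for stmt in policy["Statement"]:
        if "Action" in stmt:
            hit = any(_matches(p, action) for p in _as_list(stmt["Action"]))
        else:
            # NotAction: the statement applies to every action NOT listed.
            hit = not any(_matches(p, action) for p in _as_list(stmt["NotAction"]))
        if not hit:
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"
        verdict = "Allow"
    return verdict


def scp_allows(action, levels):
    """Apply SCP inheritance.

    `levels` is a list ordered root -> OU(s) -> account, each element being the
    list of SCPs attached at that level. The action passes only if EVERY level
    has at least one matching Allow and NO level has a matching Deny.
    """
    for policies in levels:
        verdicts = [policy_verdict(p, action) for p in policies]
        if "Deny" in verdicts or "Allow" not in verdicts:
            return False
    return True


# Constructed hierarchy: root and account keep FullAWSAccess; the OU adds the guardrail.
HIERARCHY = [
    [FULL_AWS_ACCESS],                          # root
    [FULL_AWS_ACCESS, PROTECT_AUDIT_TOOLING],   # workloads OU
    [FULL_AWS_ACCESS],                          # member account
]

# Common misconfiguration: FullAWSAccess was detached from the OU, leaving only the Deny SCP.
HIERARCHY_MISSING_ALLOW = [
    [FULL_AWS_ACCESS],
    [PROTECT_AUDIT_TOOLING],
    [FULL_AWS_ACCESS],
]

if __name__ == "__main__":
    for action in ("s3:GetObject", "cloudtrail:StopLogging", "organizations:LeaveOrganization"):
        print(f"{action:40s} allowed={scp_allows(action, HIERARCHY)}")
    print("s3:GetObject with FullAWSAccess missing at OU:",
          scp_allows("s3:GetObject", HIERARCHY_MISSING_ALLOW))
```

Two properties worth noticing when you run it: a Deny at the OU level blocks the action even though the account's own SCP allows everything, and removing FullAWSAccess from any level blocks every action at that level and below, because a level with no matching Allow fails the filter. Also keep in mind that SCPs never apply to the management account, so the guardrail above protects member accounts only.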