AWS Organizations

What is AWS Organizations?

AWS Organizations is an account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage.


Use your ROOT master account for billing only. Do not deploy any services to your ROOT account.
Under your ROOT account you have OUs (Organizational Units), such as the Finance department, Development, etc.
When you apply permissions through policies to an OU, those permissions are applied to all AWS accounts and OUs in that branch of the tree.
                                    
Set up Organizations
Go to Management & Governance > AWS Organizations in the services menu, or click on your account name > My Organization.
                                    
Organizations Best Practices
Always enable multi-factor authentication on root account.
Always use a strong and complex password on the root account.
Paying account (ROOT or master account) should be used for billing purposes only. Do not deploy resources into the paying account.
Enable/Disable AWS services using Service Control Policies (SCP), either on an OU or on individual accounts.
For example, prohibit EC2 instance access for the Finance Department.
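The following is an added example, not part of the original notes: a simplified Python model of how an SCP attached to an OU reaches every account and nested OU in that branch, using the Finance/EC2 case above. The OU and account names are hypothetical, and the model ignores Condition, NotAction and Resource matching.

```python
from fnmatch import fnmatchcase

# Constructed SCP for the page's example: prohibit EC2 for the Finance department.
DENY_EC2 = {"Version": "2012-10-17",
            "Statement": [{"Effect": "Deny", "Action": "ec2:*", "Resource": "*"}]}
# Same shape as the default FullAWSAccess policy that allows every action.
FULL_ACCESS = {"Version": "2012-10-17",
               "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}

# Constructed hierarchy (child -> parent); all names are hypothetical.
PARENT = {"Finance": "Root", "Development": "Root", "Payroll": "Finance",
          "acct-finance": "Finance", "acct-payroll": "Payroll",
          "acct-dev": "Development"}

# Every node keeps the allow-all policy; only the Finance OU gets the deny.
ATTACHED = {node: [FULL_ACCESS] for node in ["Root", *PARENT]}
ATTACHED["Finance"].append(DENY_EC2)

def _matches(statement, action):
    """True if the statement's Action pattern(s) cover the action (case-insensitive)."""
    patterns = statement["Action"]
    if isinstance(patterns, str):
        patterns = [patterns]
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def path_to_root(target):
    """Return the target followed by each ancestor up to the organization root."""
    path = [target]
    while path[-1] in PARENT:
        path.append(PARENT[path[-1]])
    return path

def scp_allows(account, action):
    """Check whether SCPs on the account's branch leave the action permitted."""
    for node in path_to_root(account):
        statements = [s for p in ATTACHED.get(node, []) for s in p["Statement"]]
        if any(s["Effect"] == "Deny" and _matches(s, action) for s in statements):
            return False  # an explicit deny anywhere in the branch wins
        if not any(s["Effect"] == "Allow" and _matches(s, action) for s in statements):
            return False  # each level must also allow the action
    return True

if __name__ == "__main__":
    for acct in ("acct-finance", "acct-payroll", "acct-dev"):
        print(acct, scp_allows(acct, "ec2:RunInstances"), scp_allows(acct, "s3:GetObject"))
```

An SCP only sets the ceiling: an action it leaves permitted still has to be granted by an IAM policy inside the account.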
                                    
AWS Organizations Features

AWS accounts which are members of an Organization can have the benefit of Consolidated Billing
Hierarchy-based control over groups of IAM users and roles within multiple accounts
Grouping all of your AWS accounts into Organisational Units (OU) as part of a hierarchy.

Consolidated Billing

Advantages

- One bill per AWS account
- Very easy to track charges and allocate costs
- Volume pricing discount