Work Together Using AWS Organizations
Learning Objectives
After completing this unit, you’ll be able to:
- Explain the uses and benefits of AWS Organizations.
- Explain the uses and benefits of Consolidated Billing.
In a large organization, you might have multiple IT groups working independently. Each group has its own AWS account, complete with Reserved Instances, AWS CloudTrail logs, and a monthly bill. What if you could consolidate and manage all of that in one place?
Bring Accounts Together with AWS Organizations
AWS Organizations is a free account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage.
AWS Organizations enables you to:
- Group accounts into organizational units (OUs).
- Create service control policies (SCPs) that centrally allow or deny access to specified AWS services at the OU or individual account level.
- Simplify account management by using application programming interfaces (APIs) to automate the creation and management of new AWS accounts.
- Combine service usage across accounts to share volume pricing discounts, Reserved Instance discounts, and Savings Plans.
- Simplify the billing process by setting up a single payment method for all AWS accounts in your organization.
- Centrally secure and monitor your accounts.
- Audit your environment for compliance across accounts.
One Account to Rule Them All
The AWS account you use to create your organization is the management account. With this account, you can create other accounts in your organization, invite and manage invitations for other accounts, and remove accounts from your organization.
Other accounts that are part of an organization are called member accounts. A member account can belong to only one organization at a time.
Control Access with Service Control Policies
The management account can use service control policies (SCPs) to allow or deny access to AWS services for individual AWS accounts or for groups of accounts in an OU. The actions specified in an SCP apply to all AWS Identity and Access Management (IAM) users, groups, and roles in an account, including the AWS account root user.
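The following sketch is an added example, not part of the original unit or AWS's own code. It models how SCPs attached at the organization root, an OU, and a member account combine into one verdict for an action. The policies, node names, and path are constructed, and the model assumes only `Effect` and `Action` matter (it ignores `Resource`, `Condition`, and `NotAction`).

```python
from fnmatch import fnmatchcase

# Constructed sample SCPs. FULL_AWS_ACCESS mirrors the AWS-managed default SCP;
# the other two policies and all node names below are hypothetical.
FULL_AWS_ACCESS = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
PROTECT_CLOUDTRAIL = {"Statement": [{
    "Effect": "Deny",
    "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail"],
    "Resource": "*"}]}
SANDBOX_SERVICES = {"Statement": [{
    "Effect": "Allow", "Action": ["s3:*", "ec2:*"], "Resource": "*"}]}

# SCPs attached at each node on the path from the root to one member account.
ATTACHMENTS = {
    "Root": [FULL_AWS_ACCESS, PROTECT_CLOUDTRAIL],
    "OU-Sandbox": [SANDBOX_SERVICES],
    "Account-dev": [FULL_AWS_ACCESS],
}
PATH_TO_DEV = ["Root", "OU-Sandbox", "Account-dev"]


def _matches(statement, action):
    """Case-insensitive wildcard match of an action against a statement."""
    patterns = statement["Action"]
    if isinstance(patterns, str):
        patterns = [patterns]
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)


def level_verdict(policies, action):
    """Return 'deny', 'allow' or 'none' for the SCPs attached at one node."""
    verdict = "none"
    for policy in policies:
        for statement in policy["Statement"]:
            if _matches(statement, action):
                if statement["Effect"] == "Deny":
                    return "deny"  # an explicit Deny always wins
                verdict = "allow"
    return verdict


def scp_permits(path, action, attachments=ATTACHMENTS):
    """True only if every node on the path allows the action and none denies it.

    The principal is not an input: the result binds every IAM user and role in
    the member account, and its root user. A True result grants nothing by
    itself; IAM policies in the account must still allow the action.
    """
    return all(level_verdict(attachments[node], action) == "allow" for node in path)
```

In this model, the full-access policy on the account does not restore what the OU leaves out, and the Deny at the root blocks the CloudTrail actions for every account beneath it.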
Track Cost for Multiple Accounts with Consolidated Billing
AWS Organizations provides consolidated billing so you can track the combined costs of all the linked accounts in your organization. The management account receives the consolidated bill.
With consolidated billing, you can combine service usage from multiple accounts into a single invoice. This enables you to reach utilization discounts faster than each account would on its own. You can also apply unused Reserved Instances from one account to another account’s instance usage.
Another benefit of consolidated billing: you can use the AWS Cost Management services discussed in the previous unit to analyze costs and create budgets for all of the linked accounts in the organization in one place.
In the next unit, you explore AWS Support plans.
Resources
- External Site: AWS Organizations
- External Site: AWS Organizations User Guide
- External Site: AWS Multiple Account Billing Strategy
- External Site: Consolidated Billing for Organizations
- External Site: Volume Discounts