AWS Organizations
💡 Definition
AWS Organizations is an account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage. It includes account management and consolidated billing capabilities.
🔑 Key Concepts
- Master Account (Management Account): The central account that pays the bills and manages policies.
- Member Accounts: Other accounts in the organization.
- OU (Organizational Unit): A container for accounts (e.g., "Finance", "Dev", "Prod").
- SCP (Service Control Policy): Policies that restrict permissions for member accounts.
- Consolidated Billing: Combined usage for all accounts leads to volume discounts.
⚙️ How it Works
- Create Organization: From the management account.
- Invite Accounts: Invite existing accounts or create new ones.
- Structure: Group accounts into OUs.
- Apply Policies: Attach SCPs to OUs or accounts to enforce guardrails.
🎯 Use Cases
- Centralized Billing: Single payment method for all accounts.
- Access Control: Restricting specific services (e.g., "No Redshift allowed in Dev accounts").
- Compliance: Enforcing policies across the entire company.
- Volume Discounts: Aggregating usage (e.g., S3 storage) to reach lower pricing tiers.
💰 Pricing Model
- Free: AWS Organizations is available at no additional charge.
📝 Exam Tips (CLF-C02)
- Enables Consolidated Billing.
- Uses SCPs to restrict what accounts can do (even the root user of a member account).
- Allows for Automated Account Creation.
See Also:
- Consolidated Billing
- SCP
- IAM