AWS Organization: AWS Organizations is an account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage. AWS Organizations includes consolidated billing and account management capabilities that enable you to better meet the budgetary, security, and compliance needs of your business. As an administrator of an organization, you can create accounts in your organization and invite existing accounts to join the organization.
Create Organization
Prerequisite: To get started, you must first decide which of your AWS accounts will become the management account (formerly known as the master account).
You can either select an existing AWS account that is not already a member of another organization,
or
create a new one from here:
https://aws.amazon.com/console/
Just follow the sign-up procedure.
Sign in as an administrator to the AWS Management Console using the AWS account you want to use to manage your organization.
Go to the AWS Organizations console.
Click the Create Organization button.
It will enable all features of the organization. If you want to enable only the consolidated billing features, click that option instead. Selecting all features is recommended if you want to take advantage of all of the central management capabilities of AWS Organizations.
Congratulations! You have successfully created an Organization.
Now you can create a new AWS account or invite an existing account to become a member of that organization.
Add AWS accounts to your organization
You can add AWS accounts to your organization by using two methods:
- Invite existing AWS accounts to your organization by using their AWS account ID or associated email address.
- Create new AWS accounts.
Invite existing AWS accounts: For that you have to log in using the root email or verify the root email.
It will send an invitation to your root email address.
After verifying your root email you will be able to send invitations.
You can send multiple invitations at one time.
Create new AWS accounts:
You can create a new AWS account for your organization:
AWS account name: provide a friendly name for your new AWS account. Ex: new-dev
Email address of the account's owner: Provide a new email address. Ex: email@gmail.com
Or provide the same email address with +1, +2, ... added before the @ of your email address. Ex: email+1@gmail.com
IAM role name: This role can be used to switch role from your root account to member accounts. Ex: OrganizationAccountAccessRole
Then click the Create AWS account button.
You have successfully created an AWS account for your organization. You can create as many accounts as you want for your organization.
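The same three fields can be prepared for the Organizations CreateAccount API instead of the console form. This is an added example, not code from the original post; the account names are constructed, the account name is used as the plus-address tag instead of +1, +2, and `create_accounts` assumes boto3 and management-account credentials are available.

```python
# Added example: builds CreateAccount requests for the fields described above.
# Account names and the base e-mail address are constructed sample values.
import re

ROLE_NAME = "OrganizationAccountAccessRole"  # role name used on the page

def plus_address(base_email, tag):
    """email@gmail.com + 'new-dev' -> email+new-dev@gmail.com"""
    local, sep, domain = base_email.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an e-mail address: {base_email!r}")
    if not re.fullmatch(r"[A-Za-z0-9._-]+", tag):
        raise ValueError(f"unsafe tag: {tag!r}")
    return f"{local}+{tag}@{domain}"

def build_requests(base_email, account_names):
    """One parameter dict per account; every account needs its own address."""
    requests, seen = [], set()
    for name in account_names:
        email = plus_address(base_email, name)
        if email.lower() in seen:
            raise ValueError(f"duplicate owner e-mail: {email}")
        seen.add(email.lower())
        requests.append({"Email": email, "AccountName": name, "RoleName": ROLE_NAME})
    return requests

def switch_role_arn(account_id, role_name=ROLE_NAME):
    """ARN assumed from the management account to enter a member account."""
    if not re.fullmatch(r"\d{12}", account_id):
        raise ValueError("AWS account IDs are 12 digits")
    return f"arn:aws:iam::{account_id}:role/{role_name}"

def create_accounts(requests):
    """Submit the requests; needs boto3 and management-account credentials."""
    import boto3  # imported here so the helpers above work offline
    client = boto3.client("organizations")
    return [client.create_account(**r)["CreateAccountStatus"]["Id"] for r in requests]

if __name__ == "__main__":
    for req in build_requests("email@gmail.com", ["new-dev", "new-prod"]):
        print(req)
    print(switch_role_arn("111122223333"))  # constructed account ID
```

The role that AWS creates under this name has administrator permissions in the member account, so who may assume it from the management account is worth restricting and logging.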
Model your organizational hierarchy
You can manage your organizational hierarchy by grouping your AWS accounts in OUs (Organizational Units):
- One account should be under root or one OU.
- One OU should be under root or one OU.
- One OU can have multiple accounts and also multiple OUs.
- You can create a policy (SCP) for an account, for an OU, or for both.
How to create an OU (Organizational Unit):
Just like creating a folder, select Root or the OU where you want to create the new OU, then from Actions select Create new.
Provide an OU name and click the Create organizational unit button.
It will create your OU.
Note: You can create as many OUs as you like, but the hierarchy can be at most 5 levels deep from the root.
How to move an account to an OU (Organizational Unit):
Just select the accounts and from Actions select Move.
Then select the OU you want to move the account to and click Move AWS account.
It will immediately move your account to the selected OU (Organizational Unit). You can move multiple accounts at a time.
You get the idea. You can rename and delete your OUs by following the same method.
That's how you can organize your Organizational hierarchy.
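Before building a layout in the console, a planned hierarchy can be checked against the rules listed in this section (one parent per account and OU, at most 5 OU levels below the root). This is an added example, not code from the original post; the OU and account names are constructed sample data.

```python
# Added example: checks a planned OU layout against the rules listed above.
# All OU and account names below are constructed sample data.
MAX_OU_DEPTH = 5  # the page's note: at most 5 OU levels below the root

def path_to_root(node, parent_of):
    """Return [node, ..., 'Root']; raise ValueError on a cycle or missing parent."""
    path, seen = [node], {node}
    while path[-1] != "Root":
        parent = parent_of.get(path[-1])
        if parent is None:
            raise ValueError(f"{path[-1]} has no parent (must be under Root or an OU)")
        if parent in seen:
            raise ValueError(f"cycle through {parent}")
        seen.add(parent)
        path.append(parent)
    return path

def validate_plan(ou_parent, account_parent):
    """ou_parent: OU -> Root or OU; account_parent: account -> Root or OU.
    Dict keys give each OU and account exactly one parent by construction."""
    problems = []
    for ou in ou_parent:
        try:
            depth = len(path_to_root(ou, ou_parent)) - 1  # OU levels below Root
        except ValueError as err:
            problems.append(str(err))
            continue
        if depth > MAX_OU_DEPTH:
            problems.append(f"OU {ou} is {depth} levels deep (max {MAX_OU_DEPTH})")
    for account, parent in account_parent.items():
        if parent != "Root" and parent not in ou_parent:
            problems.append(f"account {account} targets unknown OU {parent}")
    return problems

SAMPLE_OUS = {"Workloads": "Root", "Prod": "Workloads", "Dev": "Workloads",
              "Security": "Root"}
SAMPLE_ACCOUNTS = {"new-dev": "Dev", "log-archive": "Security", "management": "Root"}

if __name__ == "__main__":
    print(validate_plan(SAMPLE_OUS, SAMPLE_ACCOUNTS) or "plan is valid")
    print(" > ".join(reversed(path_to_root("Dev", SAMPLE_OUS))))
```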
Organization Services: You can enable services for your organization. This lets you enable a service for all of your member accounts from one place and gives you a centralized log, so you can manage multiple AWS accounts in one place.
Note: To benefit from using an organization, try to use these organization services. Try to enable services as per your business requirements.
Organization Policies: Organization policies help you to enable central administration over the permissions available within the accounts in your organization.
Follow this to learn more & enable Service Control Policy (SCP)
Note: To benefit from using an organization, try to use these organization policies. Try to enable services as per your business requirements.
Remove AWS account from Organization
You can remove an AWS account from two places:
Management account: Select the AWS account(s) you want to remove from this organization, then from Actions select Remove from organization and click Remove account. It will remove that AWS account from your organization.
It might ask you for some extra billing information for the removed account.
Member account: Log in to the member account that you want to remove from the organization.
Go to the AWS Organizations console. From the dashboard click Leave this Organization.
It will remove this account from the organization.
Note: If you leave the organization, you become responsible for all billing charges related to this account, so AWS might ask you for some billing details.
If you want to rejoin the organization, you have to follow the invitation step again.
Delete Organization
Note: You have to remove all member accounts before deleting the organization.
From Settings click the Delete organization button. It will delete the organization.
Summary
AWS Organizations helps you centrally manage and govern your environment as you grow and scale your AWS resources. Using AWS Organizations, you can programmatically create new AWS accounts and allocate resources, group accounts to organize your workflows, apply policies to accounts or groups for governance, and simplify billing by using a single payment method for all of your accounts.
In addition, AWS Organizations is integrated with other AWS services so you can define central configurations, security mechanisms, audit requirements, and resource sharing across accounts in your organization. AWS Organizations is also free for all.
To learn more, read the AWS Organizations documentation.
Thanks for reading! Happy Cloud Computing!
Top comments (2)
Ouf, this procedure seems very complex and long.
Try Brainboard's multi-credentials ;) brainboard.co/
It seems very complex and long. But actually, the main procedure is just one click and very easy to understand. I have described all features which made it long. But Brainboard's is awesome! Understand the procedure and use Brainboard to implement it.