AWS Organizations is a service that enables the creation of a hierarchical structure for managing multiple AWS accounts within an organization. Figure 20-3 shows the AWS Organizations dashboard in the AWS Management Console.

Figure 20-3

 

Organizations provides centralized management and governance, allowing an administrator to define and enforce policies across the entire organization. These are the main features of this tool:

• Management and member account structure: In Organizations, the management account is the top-level AWS account in the organizational hierarchy. It has administrative control over all member accounts. Member accounts are individual AWS accounts associated with the organization, each serving specific purposes or workloads.

• Organizational units (OUs): OUs are logical containers for grouping member accounts to reflect the organizational structure, making it easier to apply policies and manage resources.

• Service control policies (SCPs): SCPs are applied at the root or to OUs or accounts to define permissions and control access to AWS services. SCPs help enforce security and compliance standards.

• Consolidated billing: For many AWS administrators, this feature alone makes Organizations a beloved tool. The centralized billing feature makes it possible to aggregate charges from all member accounts and provide a unified view of costs and usage across the organization.

• Policy-based management: This powerful feature enables the application of IAM policies, SCPs, and other policies at the organization, OU, or account levels to govern access and resource usage.

• Organizational view: The organizational view is a graphical representation of the organizational structure that helps visualize relationships between accounts and OUs.

• Tag policies: Tag policies allow organizations to define and enforce tagging standards, ensuring consistent tagging practices across accounts for better resource tracking and cost management.

• Cross-account resource access: AWS facilitates secure access to resources across accounts, enabling organizations to share resources while maintaining control over permissions.