Organizations

Overview

  • Organizations is an account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage.

Benefits

  • Centralized management of all of your AWS accounts:
    • You can combine your existing accounts (or create new accounts or invite existing ones) into an organization that enables you to manage the accounts centrally.
  • Consolidated billing for all member accounts:
    • You can use the management account (formerly known as the "master account") of your organization to consolidate and pay for all member accounts. The management account can also access the billing information, account information, and account activity of member accounts in the organization.
  • Hierarchical grouping of your accounts to meet your budgetary, security, or compliance needs:
    • You can group your accounts into organizational units (OUs) and attach different access policies to each OU. You can nest OUs within other OUs to a depth of five levels.
  • Global access:
    • Organizations is a global service with a single endpoint that works from any and all AWS Regions.
  • Free to use:
    • Organizations is a feature of your AWS account offered at no additional charge.

Service Control Policies (SCP)

  • SCPs are a type of organization policy that you can use to manage permissions in your organization.
  • SCPs offer central control over the maximum available permissions for all accounts in your organization.
  • SCPs affect only IAM users and roles that are managed by accounts that are part of the organization. SCPs don't affect resource-based policies directly.
  • SCPs affect only member accounts in the organization.
    • They have no effect on users or roles in the management account.
  • SCPs do not affect any service-linked role.
    • Service-linked roles enable other AWS services to integrate with Organizations and can't be restricted by SCPs.
  • SCPs can be attached at nested levels of the hierarchy (the root, OUs, and accounts), and when they are, the OUs and accounts below inherit them.
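
The SCP rules above, modelled as an added example (not part of the original notes and not AWS code). It assumes simplified SCPs that carry only Effect and Action (Resource and Condition are ignored), uses hypothetical names (scp_permits, is_allowed, PATH) and constructed policies, and relies on the AWS rule that an action must be allowed at every level from the root down to the account, with an explicit Deny at any level winning.

```python
from fnmatch import fnmatchcase

def _matches(patterns, action):
    # IAM action names are case-insensitive; "*" and "?" act as wildcards.
    if isinstance(patterns, str):
        patterns = [patterns]
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def _level_verdict(policies, action):
    """Combined verdict of all SCPs attached to one node (root, OU or account)."""
    stmts = [s for p in policies for s in p["Statement"]
             if _matches(s["Action"], action)]
    if any(s["Effect"] == "Deny" for s in stmts):
        return "Deny"
    return "Allow" if any(s["Effect"] == "Allow" for s in stmts) else None

def scp_permits(path, action, *, management_account=False, service_linked_role=False):
    """path: SCP lists for the root, each OU down the tree, then the account."""
    if management_account or service_linked_role:
        return True  # SCPs do not restrict either of these
    verdicts = [_level_verdict(level, action) for level in path]
    # An explicit Deny anywhere wins; otherwise every level must Allow.
    return "Deny" not in verdicts and all(v == "Allow" for v in verdicts)

def is_allowed(path, iam_allowed_actions, action, **principal):
    # SCPs only cap permissions; the identity policy must still grant the action.
    return _matches(iam_allowed_actions, action) and scp_permits(path, action, **principal)

# Constructed sample policies (simplified: no Resource or Condition keys).
FULL_ACCESS = {"Statement": [{"Effect": "Allow", "Action": "*"}]}
DENY_LEAVE = {"Statement": [{"Effect": "Deny",
                             "Action": "organizations:LeaveOrganization"}]}
ONLY_S3_EC2 = {"Statement": [{"Effect": "Allow", "Action": ["s3:*", "ec2:*"]}]}

# Constructed hierarchy: root -> OU "Workloads" -> nested OU "Sandbox" -> account
PATH = [
    [FULL_ACCESS],              # root
    [FULL_ACCESS, DENY_LEAVE],  # OU Workloads: deny is inherited by everything below
    [ONLY_S3_EC2],              # OU Sandbox: allow list narrows the maximum
    [FULL_ACCESS],              # member account
]

if __name__ == "__main__":
    for act in ("s3:GetObject", "iam:CreateUser", "organizations:LeaveOrganization"):
        print(act, is_allowed(PATH, ["*"], act))
```

Even with an administrator identity policy (`["*"]`), a principal in the member account is limited to what every level of the path allows, which is why an allow-list SCP on one OU is enough to narrow everything beneath it.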