From the course: Complete Guide to AWS Security and Compliance Management

Understanding Organizations

- [Instructor] AWS Organizations is a tool that lets you centrally manage multiple AWS accounts. It is critically important to understand the security controls that are available within an AWS account. That said, as your use of AWS grows increasingly sophisticated, it is likely that you'll end up in a multi-account environment. With Organizations, you identify a master account, then link multiple member accounts to the master. This lets you perform administrative functions and manage costs centrally. For managing security controls, you can use service control policies, or SCPs. With an SCP, you can restrict access to regions and set maximum permissions for member accounts. As is the case with most AWS services, Organizations is API-enabled. That means you can create a member account programmatically, as well as put account limitations in place with SCPs. If you end up managing a large distributed environment, you can group similar member accounts together in organizational units.

Consider the following scenario. You select one of your AWS accounts and designate it as the root account of your organization. Now suppose you have an account in which research and development takes place. You can make that account a member account so finances can be managed centrally. Then suppose you decide to segment out the public-facing applications you provide into accounts of their own. If you have certain security policies you want every application to adhere to, you can group those accounts into an organizational unit. This becomes especially useful when operating at scale, as you can project security policies at the OU level and the member accounts inherit those policies. I'm sure you appreciate how Organizations can give you confidence in reducing the variability of your configurations when managing multiple AWS accounts.
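As an added illustration that is not part of the course, the following Python builds the two SCP shapes the lesson mentions (a region restriction and a maximum-permissions policy) and simulates, in a deliberately simplified model, how an SCP attached at the OU level bounds what a member account's own IAM policies can grant. The approved region list, the exempted global-service list, and the evaluator itself are assumptions for the example; real SCP evaluation also involves the default FullAWSAccess policy and does not apply to the management account.

```python
"""Added example (not from the course): the two SCP shapes the lesson
describes, plus a simplified model of the documented evaluation logic:
an explicit Deny in any applicable SCP wins; otherwise the action must be
allowed by the SCP *and* by the member account's own IAM policy."""
from fnmatch import fnmatch
ALLOWED_REGIONS = ["us-east-1", "eu-west-1"]             # assumed for the example
GLOBAL_SERVICES = ["iam:*", "organizations:*", "sts:*"]  # region-less services
# SCP 1: deny anything outside the approved regions; NotAction exempts the
# global services so IAM and STS keep working from anywhere.
REGION_RESTRICTION_SCP = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Deny", "Resource": "*",
        "NotAction": GLOBAL_SERVICES,
        "Condition": {"StringNotEquals": {"aws:RequestedRegion": ALLOWED_REGIONS}},
    }],
}
# SCP 2: the OU's maximum permissions; services not listed are unusable by
# member accounts no matter what their own IAM policies grant.
MAX_PERMISSIONS_SCP = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Resource": "*",
                   "Action": ["ec2:*", "s3:*", "iam:*", "sts:*"]}],
}

def _matches(action, patterns):
    return any(fnmatch(action, p) for p in patterns)

def _applies(stmt, action, region):
    if "Action" in stmt:
        hit = _matches(action, stmt["Action"])
    else:  # NotAction: everything except the listed actions
        hit = not _matches(action, stmt["NotAction"])
    cond = stmt.get("Condition", {}).get("StringNotEquals", {})
    if "aws:RequestedRegion" in cond:
        hit = hit and region not in cond["aws:RequestedRegion"]
    return hit

def is_allowed(action, region, scps, iam_allows):
    """iam_allows: action patterns granted by the principal's IAM policy."""
    scp_allow = False
    for scp in scps:
        for stmt in scp["Statement"]:
            if _applies(stmt, action, region):
                if stmt["Effect"] == "Deny":
                    return False       # explicit Deny always wins
                scp_allow = True
    return scp_allow and _matches(action, iam_allows)
```

Calling `is_allowed("lambda:CreateFunction", "us-east-1", [REGION_RESTRICTION_SCP, MAX_PERMISSIONS_SCP], ["lambda:*"])` returns False even though the account's IAM policy grants Lambda, which is the "maximum permissions" effect the lesson describes.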
