AWS Organisations and Why You Need It
The Introduction
AWS Organisations is a service provided by Amazon Web Services (AWS) that enables you to centrally manage and govern multiple AWS accounts within your organisation. It helps you to organise your accounts into a hierarchy, implement policies to control access, and automate processes across those accounts.
That’s all well & good, but what does it actually mean for you and your company?
The Breakdown
There are 5 core features as a part of AWS Organisations that make it a must have in your business are:
- Consolidated Billing: AWS Organisations allows you to consolidate billing across all accounts in your organisation, making it easier to track spending and allocate costs.
- Organisational Units (OUs): You can group AWS accounts into organisational units (OUs) to reflect the structure of your organisation. This allows you to apply policies to multiple accounts at once.
- Service Control Policies (SCPs): SCPs are policies that you can attach to OUs or individual accounts to control access to AWS services and resources. SCPs allow you to set permissions at the organisational level, restricting what actions IAM users and roles can perform within member accounts.
- Automation with AWS CloudFormation and AWS Service Catalog: AWS Organisations integrates with AWS CloudFormation and AWS Service Catalog to automate the provisioning and management of resources across multiple accounts.
- Consolidated CloudTrail Logging: You can configure AWS Organisations to consolidate AWS CloudTrail logs from all member accounts into a single S3 bucket, simplifying log management and analysis.
The Benefits
Now we know that AWS Organisations is a centralised point to manage multiple AWS accounts, what is the actual point of centralisation? How does it help you and your organisation save money whilst increasing productivity?
- Resource Sharing: You can easily share AWS resources such as Amazon S3 buckets, Amazon RDS databases, and AWS Lambda functions across accounts within your organisation, promoting resource reuse and collaboration.
- Security and Compliance: With Service Control Policies (SCPs), you can enforce security and compliance requirements across all member accounts, ensuring consistent access controls and reducing the risk of unauthorised actions. Being able to place SCPs in the management account means employees don’t need to keep adding SCPs to new accounts each time they’re added.
- Resource Management: AWS Organisations enables you to centrally manage resources and apply policies at the organisational level, simplifying resource provisioning, configuration, and governance.
- Scalability and Flexibility: AWS Organisations scales with your organisation, allowing you to easily add or remove accounts, adjust policies, and adapt to changing requirements as your business grows.
- Cost Optimisation: By leveraging consolidated billing and cost management features, AWS Organisations helps you optimise costs by providing visibility into spending across your organisation and enabling you to implement cost-saving measures more effectively.
The Implementation
From here on out, we’ll be showing you how to add AWS Organisations to your AWS set up.
Step 1: Sign in to the AWS Management Console (be sure to make sure the account has permissions to access AWS Organisations)
Step 2: Search for Organisations inside of the Management Console
Click on "Create organisation."
Choose the organisation type (You’ll see two options, but we’ll stick with All Features to get the full benefits):
- Consolidated Billing: For organisations that want to consolidate billing and manage payments centrally.
- All Features: For organisations that want to enable all AWS Organisations features, including consolidated billing, service control policies (SCPs), and organisational units (OUs).
Click "Create organisation."
Step 3: Create Organisational Units (OUs) (This allows us to break up the AWS Organisation into a clear hierarchy)
- After creating the organization, you can create OUs to organize your accounts.
- In the AWS Organizations console, click on "Organize accounts."
- Click on "Create organizational unit."
- Enter a name for the OU and optionally select a parent OU.
- Click "Create organisational unit."
Step 4: Invite Accounts to Join the Organisation
- In the AWS Organisations console, click on "Invite account."
- Enter the email address of the AWS account you want to invite.
- Optionally, you can add a custom message.
- Click "Invite."
Step 5: Accept the Invitation (for Invited Accounts)
- The owner of the invited account will receive an email invitation.
- Follow the link in the email to accept the invitation.
- Sign in to the AWS Management Console with the invited account.
- Follow the prompts to accept the invitation and join the organisation.
Step 6: Apply Service Control Policies (SCPs) (Adding in SCPs allows us to set permissions in one account in the hierarchy which will be passed through to child accounts)
- In the AWS Organizations console, click on "Policies."
- Enable Service Control Policies.
- Click on "Create policy."
- Define the policy by specifying the desired permissions and constraints.
- Optionally, you can attach the policy to specific OUs or individual accounts.
- Click "Create policy."
Step 7: Attach Policies to OUs or Accounts
- In the AWS Organisations console, click on "Policies".
- Select the policy which you want to attach an OU or Account.
- Click the “Actions” drop down menu.
- Click on "Attach policy."
- Choose the Account or OU you want the policy attached to and click "Attach Policy."
Step 8: Monitor and Manage the Organisation
- Regularly review the organisation's structure, policies, and member accounts.
- Monitor activity logs, billing, and compliance reports to ensure proper governance.
- Make adjustments to policies and organisational structure as needed to meet changing requirements.
The Conclusion
Now that we’ve created an AWS Organisation, we can have a look at what you’ve been able to add to your team! You’ve created a compelling solution for efficiently managing multiple AWS accounts within an organisation. In addition, you’ve been able to find a centralized point for all of your billings as well as an account to pass your SCPs throughout your organisation whilst also enhancing security, compliance, and cost optimization efforts. Your company now has simplified account management, enhanced scalability, and increased collaboration. Overall, AWS Organizations provides a comprehensive framework that empowers organisations to effectively structure, secure, and govern their AWS resources, making it an essential tool for optimizing operational efficiency and resource management in the cloud.
This has been another episode of CloudInteract’s Expert Series! I hope you learned something new and optimised your day too! Thanks for reading!
Clark Thompson
Platform Engineer at CloudInteract
Want to know more?
See our other articles
Mastering Amazon Connect Billing: Subscription vs. Consumption-Based Models
When navigating Amazon Connect’s billing models, it’s crucial to understand the difference between subscription and consumption-based pricing.
Streamlining Operations during a Complex Divestiture with Advanced Contact Centre and Workplace Solutions
Our customer, a global leader in clinical research, was faced with an immense challenge following its recent divestiture from its parent company.
Reimagine the Future of your Contact Centre – Webinar Recap
Unlock the potential of modern contact centres with Amazon Connect and Cloudnteract. Learn best practices, AI strategies, and actionable steps from industry experts in our webinar recap.