AWS Organizations Flashcards
What benefits does AWS Organizations provide?
Consolidation of AWS billing (including using a single payment method).
Consolidation of reservations and volume discounts.
Service Control Policies
What is a Management Account?
A Management Account is the account that you use to create the organization. From the organization’s management account, you can do the following:
- Create accounts in the organization
- Invite other existing accounts to the organization
- Remove accounts from the organization
- Designate delegated administrator accounts
- Manage invitations
- Apply policies to entities (roots, OUs, or accounts) within the organization
- Enable integration with supported AWS services to provide service functionality across all of the accounts in the organization.
The management account has the responsibilities of a payer account and is responsible for paying all charges that are accrued by the member accounts. You can’t change an organization’s management account.
What do you call an AWS account that joins an Organization?
A Member Account.
What can be contained in the Organization Root?
Organizational Units (OU) or AWS accounts (both the Management Account and Member Accounts).
What are the two ways to add an AWS account to an Organization?
By inviting an existing AWS account to join the Organization or by creating a new AWS account directly within the Organization.
What does Role Switching do?
It allows a user to assume the role of another user within an Organization through the console GUI.
What are Service Control Policies (SCPs)?
They establish permissions for a Member AWS account within an Organization. This has the effect of limiting what the root user of that account can do because the SCP limits the entire account. SCPs do not grant permission to identities within the account; they simply limit what the account as a whole can do.
Is the Management Account impacted by Service Control Policies?
No.