AWS Organizations | Core Concepts Flashcards
How do I get started?
Core Concepts
AWS Organizations | Security, Identity & Compliance
To get started, you must first decide which of your AWS accounts will become the master account. If you have a Consolidated Billing family, we already converted your Consolidated Billing payer AWS account to be the master account. If you do not have a Consolidated Billing family, you can either create a new AWS account or select an existing one.
Steps for customers using Consolidated Billing
Navigate to the Consolidated Billing console. AWS redirects you to the new AWS Organizations console.
AWS converted your Consolidated Billing family automatically, so you can start taking advantage of the new organizational capabilities.
Steps for customers not using Consolidated Billing
You need to create a new organization by following these simple steps:
Sign in as an administrator to the AWS Management Console using the AWS account you want to use to manage your organization.
Go to the AWS Organizations console.
Choose Create Organization.
Select which features you want to enable for your organization: either consolidated billing features only, or all features.
Add AWS accounts to your organization by using one of the following two methods:
Invite existing AWS accounts to join your organization by using their AWS account ID or associated email address.
Create new AWS accounts.
Model your organizational hierarchy by grouping your AWS accounts in OUs.
If you choose to enable all features for your organization, then you can author and assign controls to these OUs.
You can also use the AWS CLI (for command-line access) or SDKs (for programmatic access) to perform the same steps to create a new organization.
Note: You can initiate the creation of a new organization only from an AWS account that is not already a member of another organization.
For more information, see Getting started with AWS Organizations.
What is an organization?
An organization is a collection of AWS accounts that you can organize into a hierarchy and manage centrally.
What is an AWS account?
An AWS account is a container for your AWS resources. You create and manage your AWS resources in an AWS account, and the AWS account provides administrative capabilities for access and billing.
What is a master account?
A master account is the AWS account you use to create your organization. From the master account, you can create other accounts in your organization, invite and manage invitations for other accounts to join your organization, and remove accounts from your organization. You can also attach policies to entities such as administrative roots, organizational units (OUs), or accounts within your organization. The master account has the role of a payer account and is responsible for paying all charges accrued by the accounts in its organization. You cannot change which account in your organization is the master account.
What is a member account?
A member account is an AWS account, other than the master account, that is part of an organization. If you are an administrator of an organization, you can create member accounts in the organization and invite existing accounts to join the organization. You also can apply policies to member accounts. A member account can belong to only one organization at a time.
What is an administrative root?
An administrative root is the starting point for organizing your AWS accounts. The administrative root is the top-most container in your organization’s hierarchy. Under this root, you can create OUs to logically group your accounts and organize these OUs into a hierarchy that best matches your business needs.
What is an organizational unit (OU)?
An organizational unit (OU) is a group of AWS accounts within an organization. An OU can also contain other OUs, enabling you to create a hierarchy. For example, you can group all accounts that belong to the same department into a departmental OU. Similarly, you can group all accounts running production services into a production OU. OUs are useful when you need to apply the same controls to a subset of accounts in your organization. Nesting OUs enables smaller units of management. For example, in a departmental OU, you can group accounts that belong to individual teams in team-level OUs. These OUs inherit the policies from the parent OU in addition to any controls assigned directly to the team-level OU.