Multi-Account Management and Organisations Flashcards
What are AWS Organizations?
o AWS Organizations is a service for managing multiple accounts within a single business
o All accounts within an AWS Organization can consolidate their bills into a single account
o Organizations can share bulk discounts and use service control policies to manage account limits and permissions
o The Master Account (= root account of the Organization) cannot be restricted; it is therefore normally used only for centralised billing
o Each element of the Organization can be either an AWS Account or an Organizational Unit (OU), which contains other OUs or Accounts
What is the default max number of Accounts that can be added to an AWS Organization?
o The default number of accounts that can be added is 2, but the limit can be raised by raising a ticket
How does Role Switching Between Accounts work?
o Switching roles enables you to manage resources across AWS accounts using a single user. When you switch roles, you temporarily take on the permissions assigned to the new role. When you exit the role, you give up those permissions and get your original permissions back. It is a 3-step process:
o 1) A Role in Account B trusts Account A
o 2) An Identity in Account A can assume the Role in Account B…
o 3) … and using that Role, can operate inside Account B