Organizations Flashcards
Cross-account access
AWS Organizations uses an IAM role in the member account to access that account's resources
AWS Organization
Hundreds or more accounts
Standard AWS account: an account that is not in an organization
One account is designated the management account (also called the master account or payer account).
Invite existing standard accounts to join the organization
Standard accounts must accept the invite; they then become member accounts
Accounts created inside an Organization are automatically part of the Org and skip the invite step
No need to have IAM users in every AWS account; use IAM roles to access each account's resources
Best practice: a single account to log in to and manage user identities
Or use the customer's existing on-premises identity management system with identity federation, so on-prem identities can role-switch into other member accounts in the Org using roles in those target accounts
Organization structure
The Organization Root is a container in an organization that holds AWS accounts (member accounts or the management account).
It can also contain other containers to create a nested structure
The Organization Root is NOT the account root user
AWS Organization Consolidated Billing
Consolidated in the Management account
Members pass billing through to the management account (payer account)
Single monthly bill in the management account for all accounts in the Organization
Consolidated billing also pools usage across accounts, which can lower pricing through volume discounts
Organization structure
Top-level Organization Root
Hierarchical structure
Contains AWS accounts and Organizational Units (OUs)
OUs are containers that can hold more AWS accounts or other OUs.