What are AWS Organizations? Centralized management of multiple AWS accounts

In this article, we will explain AWS Organizations, which are often used in the field.

What are AWS Organizations?

AWS Organizations is a
centralized management of multiple AWS accounts.
AWS Organizations is an AWS solution that centrally manages multiple AWS accounts.

This is a managed service that makes IAM access management easy to implement even for large organizations.

Provides policy-based management for multiple AWS accounts.

You can create groups of multiple accounts, automate account creation, and apply and manage policies to those groups.

Using AWS Organizations, policies can be centrally managed across multiple accounts without the need for custom scripts or manual processes.

This allows you to create a Service Control Policy (SCP) that centrally controls the use of AWS services across multiple AWS accounts


How would it be expressed in a configuration diagram?



What are the advantages?

Automate account creation, create groups of accounts that reflect business needs, and apply and manage policies to those groups.


AWS Organizations bulk billing allows you to consolidate payments for multiple AWS accounts within a single organization.

Certain services, such as Amazon EC2 and Amazon S3, use specific volume pricing that offers users lower prices the more they use the service.

Thus, consolidating volumes and billing may reduce costs.



Image of adding a member AWS account to a master AWS account

  • AWS account (master) * Currently logged in AWS account
    • AWS Account (Member)
    • AWS Account (Member)
    • AWS Account (Member)

AWS Account (Master)" sends invitation mail to "AWS Account (Member)" to add the account.

To delete (become independent of) an AWS account (member), all privileges must be removed.



What can you do?

  • Bulk Billing
    • Ability to centralize billing for multiple AWS accounts
  • Centralization of Authority
    • Put users into department folders (OU: organizational unit) and assign policies to department folders
  • Automated creation of new accounts
    • Console/SDK/CLI to create AWS accounts and manage logs of their contents


Selecting a feature set

Choose between two methods: batch payment agency and account-wide management

  • Consolidated Blling Only
    • Only lump-sum payment on behalf of the company
    • Cost advantages arise because volume discounts can be integrated
  • All Feature
    • Select this option if you want to control multiple accounts in your company, including batch payments


What is volume discounting?

A method of purchasing at a discount through bulk transactions.

pay-as-you-go discount

What is the SCP Policy?

Differences between AWS Organizations and IAM

  • AWS Organizations is a service to manage AWS accounts
  • IAM is a service that manages IAM users within an AWS account


*Compare what an AWS account can do and what an IAM user can do.


AWS_Organizations Articles