AWS Organizations: A New Era in Managing AWS Accounts
- June 06, 2017
At re:Invent 2016, AWS announced Organizations, which lets you have and easily manage multiple accounts. Flux7 consultants have long recommended multiple accounts to clients as a best practice for maintaining separation of roles and applications to address security and compliance policies, and now it’s even easier with the AWS Organizations service. Let’s first walk through what makes it so easy, and then we’ll share AWS and Flux7 best practices.
Create with Ease
Creating an organization is a matter of a couple of mouse clicks. From there, you can easily place multiple accounts underneath it, with only an email ID needed. Alternatively, you can create new AWS accounts via the API.
Manage Accounts Easily
AWS Organizations removes the need to manage security policies separately in each AWS account. Earlier, if you had a set of AWS accounts, you had to ensure that users in each of those accounts had the right level of access to AWS services. Now, with Organizations, you can attach service control policies (SCPs), which let you configure a single policy and have it apply to your entire organization, an Organizational Unit (OU), or an individual account. For example, you can use Service Control Policies in AWS Organizations to enforce manufacturing industry compliance in an AWS account.
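How SCPs attached at the organization root, an OU, and an account combine is sketched below as an added example (not Flux7 or AWS code). It is a simplified model: it matches only `Action` patterns and ignores conditions and resources, and the policy contents, node names and hierarchy are constructed for illustration.

```python
import fnmatch

# Constructed SCPs in the standard IAM policy JSON shape (sample values).
FULL_ACCESS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}
DENY_CLOUDTRAIL_TAMPERING = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny",
     "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail"],
     "Resource": "*"}]}
ALLOW_EC2_S3_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:*", "s3:*"], "Resource": "*"}]}

# Hypothetical hierarchy: root -> OU -> account, each with its attached SCPs.
ATTACHED = {
    "root": [FULL_ACCESS, DENY_CLOUDTRAIL_TAMPERING],
    "ou-workloads": [FULL_ACCESS],
    "ou-sandbox": [ALLOW_EC2_S3_ONLY],
    "acct-prod": [FULL_ACCESS],
    "acct-dev": [FULL_ACCESS],
}
PATHS = {
    "acct-prod": ["root", "ou-workloads", "acct-prod"],
    "acct-dev": ["root", "ou-sandbox", "acct-dev"],
}

def _matches(statement, action):
    actions = statement["Action"]
    if isinstance(actions, str):
        actions = [actions]
    # Action names are compared case-insensitively; "*" is a wildcard.
    return any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in actions)

def _effects(policies, action):
    """Set of Effects ("Allow"/"Deny") from statements matching the action."""
    return {s["Effect"] for p in policies for s in p["Statement"]
            if _matches(s, action)}

def scp_permits(account, action):
    """True if the SCPs on the path from root to `account` do not block `action`."""
    for node in PATHS[account]:
        effects = _effects(ATTACHED[node], action)
        # An explicit Deny anywhere wins; otherwise every level must Allow.
        if "Deny" in effects or "Allow" not in effects:
            return False
    return True
```

A `True` result only means the SCPs do not block the action: SCPs set the maximum permissions for an account, and IAM policies inside the account must still grant the action to a user or role.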
At re:Invent, AWS shared several best practices for using AWS Organizations:
- Master Account
- Organizational Units
- Least Privilege
As part of Flux7 best practices, we strongly recommend customers use AWS Organizations. It is available today in all AWS regions except China (Beijing) at no additional cost. Just note that all of the accounts must be from the same seller: you cannot mix AWS and AISPL (the local Indian legal entity that acts as a reseller for AWS services accounts in India) in the same Organization.
Properly setting up AWS accounts can be a game changer, particularly for enterprises with many teams helping to bring solutions to market. Starting with the right account structure that fits your technology and business needs can make all the difference in ensuring security, compliance, and operational efficiency.