After a three months preview since re:Invent 2016, Amazon Web Services has recently moved AWS Organizations to general availability. The new service allows to centrally manage multiple AWS accounts within a hierarchy of organizational units and attach service control policies with fine-grained access permissions. AWS…
After a three months preview since re:Invent 2016, Amazon Web Services has recently moved AWS Organizations to general availability. The new service allows to centrally manage multiple AWS accounts within a hierarchy of organizational units and attach service control policies with fine-grained access permissions. AWS Organizations also supersedes the formerly separate consolidated billing feature.
As outlined by Amazon Web Service’s Chief Evangelist Jeff Barr , many AWS users are using multiple accounts for reasons such as incremental cloud adoption across organizational teams, or « to meet strict guidelines for compliance or to create a very strong isolation barrier », for example between development, testing, and production environments.
AWS also supports collaboration between accounts owned by the same or different organizations with cross-account features such as VPC peering, sharing of EC2 images, EBS and RDS snapshots, and cross-account console access via IAM roles. However, consistent management of these cross-account interdependencies can quickly become an operational challenge.
The dedicated AWS Organizations service now aims to reduce this complexity by offering « to centrally manage multiple AWS accounts, with the ability to create a hierarchy of Organizational Units (OUs), assign each account to an OU, define policies, and then apply them to the entire hierarchy, to select OUs, or to specific accounts ».
