AWS Organizations now supports tagging, tag-on-create and Attribute-Based Access Control (ABAC)

Posted on: Sep 15, 2020

AWS Organizations has added new capabilities to its existing support for tagging AWS accounts in your organization. You can now attach tags, or user-defined attributes, to Organizational Units (OUs), the organization’s root, and policies, which lets you easily identify, classify, or categorize resources in your organization. You can also tag these resources as you create them, giving you a convenient way to ensure that all your AWS Organizations resources are always tagged.

Additionally, you can now leverage these tags for attribute-based access control (ABAC). ABAC is an authorization strategy that defines permissions based on tags attached to users and AWS resources. ABAC simplifies permissions management because you can author a single permission policy that you don’t need to update as new resources are added to your AWS environment. You can also improve your security posture by authoring granular permission rules based on the tags you define.
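An added example, not taken from the AWS announcement: an identity-based IAM policy that applies ABAC and tag-on-create to OUs. It assumes a hypothetical tag key `team` that is set on both the calling IAM principal and the OU; the `Sid` names are illustrative.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ManageOUsTaggedForCallersTeam",
      "Effect": "Allow",
      "Action": [
        "organizations:UpdateOrganizationalUnit",
        "organizations:DeleteOrganizationalUnit"
      ],
      "Resource": "arn:aws:organizations::*:ou/o-*/ou-*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/team": "${aws:PrincipalTag/team}"
        }
      }
    },
    {
      "Sid": "CreateOUOnlyWithCallersTeamTag",
      "Effect": "Allow",
      "Action": "organizations:CreateOrganizationalUnit",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:RequestTag/team": "${aws:PrincipalTag/team}"
        },
        "ForAllValues:StringEquals": {
          "aws:TagKeys": ["team"]
        }
      }
    },
    {
      "Sid": "DenyChangingTheTeamTag",
      "Effect": "Deny",
      "Action": [
        "organizations:TagResource",
        "organizations:UntagResource"
      ],
      "Resource": "*",
      "Condition": {
        "ForAnyValue:StringEquals": {
          "aws:TagKeys": ["team"]
        }
      }
    }
  ]
}
```

The explicit deny on the `team` key matters: without it, a principal who can retag an OU could change the attribute the other two statements rely on.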

AWS Organizations helps you centrally govern your multi-account environment as you grow and scale your workloads on AWS. Using AWS Organizations, you can automate account creation, group accounts to reflect your business needs, manage cross-account service functionality and apply policies for governance. You can also simplify billing by setting up a single payment method for all of your AWS accounts. AWS Organizations also integrates with other AWS services to define central configurations and resource sharing across accounts in your organization.

You can get started with these new features using the AWS Organizations console or programmatically via the AWS SDK at no additional cost. For more information, see the documentation on Tagging in AWS Organizations.