AWS Cloud Operations Blog
Tag: AWS Organizations
Building a well architected AWS GovCloud (US) environment with AWS Control Tower
Using AWS Control Tower in the AWS GovCloud (US) Regions The recent announcement of AWS Control Tower achieves FedRAMP High authorization in AWS GovCloud (US) Regions reminds us that it is a good time to review how to implement a well-architected multi-account strategy. This helps customers quickly build a baseline multi-account environment while having access […]
Automate insights for your EC2 fleets across AWS accounts and regions
Introduction Gaining insights and managing large Amazon Elastic Compute Cloud (Amazon EC2) fleet that is spread across multiple accounts and regions can be a challenging task. It’s crucial to have a quick and efficient method to identify which instances are managed by AWS Systems Manager (SSM) and gather detailed information about the instances that are […]
How to audit the support level of your AWS accounts using AWS Config
At AWS, we offer a variety of tools to assist our customers during their cloud journey. From AWS re:POST where you can ask AWS related questions to the community, to AWS Skill Builder where customers can view on-demand video content and sign up to attend online and live training sessions. AWS also offers various support […]
Build a multi-account access notification system with Amazon EventBridge
While working with many of our customers, a recurring question has been “How can we be notified when users login to key accounts so we can take action if needed?” This post shows how to implement a flexible, simple, and serverless solution that creates notifications when sensitive accounts are logged in to. Alerting on high […]
Service Quota Observability Across Regions and Accounts
Customers often need to launch workloads in new accounts and regions. You could be developing an application in a development account, and looking to launch it in a production account, following AWS multi-account best practices on separating production and non-production workloads. You could also be launching a second instance of your payment processing application in […]
Achieving operational excellence with design considerations for AWS Organizations SCPs
Service control policies (SCPs) are a set of policies that allow organizations to manage permissions using AWS Organizations. SCPs help control access to AWS services and resources provisioned across multiple accounts created within an organization. In addition, SCPs enable you to set up permission guardrails by defining the maximum available permissions for IAM principals in […]
AWS Organizations, moving an organization member account to another organization: Part 3
In part one, we identified different features of AWS Organizations requiring guidance and consideration when you move an account from one organization in Organizations to another. We focused on Organizations Polices, AWS Resource Access Manager (AWS RAM) shares, and AWS global condition context keys. In part two of the series, we identified behavior and actions when you want […]
AWS Organizations, moving an organization member account to another organization: Part 2
In part one, we identified different features of Organizations requiring guidance and consideration when you move an account from one organization in Organizations to another. We focused on Organizations Polices, AWS Resource Access Manager (AWS RAM) shares, and AWS global condition context keys. In this post, part two of a three-part series, we identify behaviors […]
AWS Organizations, moving an organization member account to another organization: Part 1
AWS customers use AWS Organizations as the basis of a multi-account AWS environment as defined by the Organizing Your AWS Environment Using Multiple Accounts AWS Whitepaper. Organizations is an AWS service that enables you to centrally manage and govern multiple accounts. Often there is a scenario when you must move an AWS account from one […]
Simplified multi-account governance with AWS Organizations all features
AWS Organizations simplifies multi-account governance for customers with tools to centrally manage their AWS accounts and offers two feature modes all features and consolidated billing. With all features enabled, the default and preferred approach, customers can centrally manage other AWS services that are integrated with AWS Organizations and apply organization-wide controls with the management policies. […]