AWS Organizations allows you to create groups of AWS accounts that you can use to more easily manage security and automation settings. With Organizations, you can centrally manage multiple accounts to help you scale. You can control which AWS services are available to individual accounts, automate new account creation, and simplify billing.
AWS Organizations is currently in Preview and will be available to AWS customers at no additional charge.
Centrally manage groups of accounts
AWS Organizations makes it easy for you to create groupings of AWS accounts. You can use these groupings to organize your AWS accounts by application, environment, team, or any other grouping that makes sense for your business. Organizations then lets you apply policies to the groupings, making it easier to centralize management of security and automation settings for all your accounts.
Control individual account permissions at scale
You can create a policy in Organizations that sets which AWS services users in your organization are allowed to use. This helps prevent users of individual accounts from having unintended access to AWS services. For example, you can set a policy in Organizations that specifies tighter controls than the AWS Identity and Access Management (IAM) policies for the account. Users in these accounts will be held to the more restrictive Organizations policy.
Automate AWS account creation
AWS Organizations includes APIs you can use to automate the creation of new accounts. This helps eliminate the need for manual processes and custom account configuration scripts. With Organizations, you can automatically configure new accounts with the correct permissions, based on group membership. For example, you can automatically create sandbox accounts for new developers in your company.
You can use AWS Organizations to set up a single payment method for multiple AWS accounts through Consolidated Billing. With Consolidated Billing, you can see a combined view of AWS charges incurred by all your accounts, as well as get a cost report for each individual account in your organization.
Create groups of AWS accounts within your organization.
Organization policies define which AWS services are accessible to accounts within a group or the organization.
Users in these accounts can access only the AWS services allowed by both your organization policies and the account's IAM policies.