AWS Organizations

Policy-based management for multiple AWS accounts.

AWS Organizations offers policy-based management for multiple AWS accounts. With Organizations, you can create groups of accounts, automate account creation, and apply and manage policies for those groups. Organizations enables you to centrally manage policies across multiple accounts, without requiring custom scripts and manual processes.

Using AWS Organizations, you can create Service Control Policies (SCPs) that centrally control AWS service use across multiple AWS accounts. You can also use Organizations to help automate the creation of new accounts through APIs. Organizations helps simplify the billing for multiple accounts by enabling you to set up a single payment method for all the accounts in your organization through consolidated billing. AWS Organizations is available to all AWS customers at no additional charge.

Benefits

Centrally manage policies across multiple AWS accounts

AWS Organizations helps you manage policies for multiple AWS accounts. With Organizations, you can create groups of accounts, and then attach policies to a group to ensure the correct policies are applied across the accounts. Organizations enables you to centrally manage policies across multiple accounts, without requiring custom scripts and manual processes.

Control access to AWS services

With AWS Organizations, you can create Service Control Policies (SCPs) that centrally control AWS service use across multiple AWS accounts. SCPs put bounds around the permissions that AWS Identity and Access Management (IAM) policies can grant to entities in an account, such as IAM users and roles. For example, IAM policies for an account in your organization cannot grant access to AWS Direct Connect if access is not also allowed by the SCP for the account. Entities can only use the services allowed by both the SCP and the IAM policy for the account.
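
The "allowed by both" rule described above can be modelled as an intersection of two policy evaluations. The following is an added example, not AWS code: it is a simplified evaluator that looks only at `Effect` and `Action` (resources, conditions and `NotAction` are ignored by assumption), and the sample policy documents are constructed for illustration.

```python
from fnmatch import fnmatchcase

def _as_list(value):
    # Policy JSON allows a single string/object where a list is also valid.
    return [value] if isinstance(value, (str, dict)) else list(value)

def policy_decision(policy, action):
    """Evaluate one policy document: 'Deny', 'Allow' or 'ImplicitDeny'.

    Simplified model (assumption): only Effect and Action are considered.
    """
    effects = set()
    for stmt in _as_list(policy["Statement"]):
        patterns = _as_list(stmt["Action"])
        # Action names are case-insensitive and may use * and ? wildcards.
        if any(fnmatchcase(action.lower(), p.lower()) for p in patterns):
            effects.add(stmt["Effect"])
    if "Deny" in effects:  # an explicit deny always wins
        return "Deny"
    return "Allow" if "Allow" in effects else "ImplicitDeny"

def is_permitted(scp, iam_policy, action):
    """An action is usable only if BOTH the SCP and the IAM policy allow it."""
    return (policy_decision(scp, action) == "Allow"
            and policy_decision(iam_policy, action) == "Allow")

def audit(scp, iam_policy, actions):
    """Map each probed action to its effective permission."""
    return {a: is_permitted(scp, iam_policy, a) for a in actions}

# Constructed sample policies (not taken from any real account).
ALLOW_LIST_SCP = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["ec2:*", "s3:*"], "Resource": "*"}]}
DENY_LIST_SCP = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"},
    {"Effect": "Deny", "Action": "directconnect:*", "Resource": "*"}]}
ADMIN_IAM = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "*", "Resource": "*"}}
S3_READ_IAM = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:Get*", "s3:List*"], "Resource": "*"}]}

if __name__ == "__main__":
    probes = ["directconnect:CreateConnection", "ec2:RunInstances", "s3:PutObject"]
    for name, scp in (("allow-list", ALLOW_LIST_SCP), ("deny-list", DENY_LIST_SCP)):
        for who, iam in (("admin", ADMIN_IAM), ("s3-read", S3_READ_IAM)):
            print(name, who, audit(scp, iam, probes))
```

Even an IAM policy granting `*` cannot reach AWS Direct Connect under either sample SCP: the allow-list SCP never grants it, and the deny-list SCP explicitly denies it.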

Automate AWS account creation and management

You can use the AWS Organizations APIs to automate the creation and management of new AWS accounts. The Organizations APIs enable you to create new accounts programmatically, and to add the new accounts to a group. The policies attached to the group are automatically applied to the new account. For example, you can automate the creation of sandbox accounts for developers and grant entities in those accounts access only to the necessary AWS services.

Consolidate billing across multiple AWS accounts

AWS Organizations enables you to set up a single payment method for all the AWS accounts in your organization through consolidated billing. With consolidated billing, you can see a combined view of charges incurred by all your accounts, as well as take advantage of pricing benefits from aggregated usage, such as volume discounts for Amazon EC2 and Amazon S3.

Use cases

Control the use of AWS services to help comply with corporate security and compliance policies

AWS Organizations’ Service Control Policies (SCPs) help you centrally control AWS service use across multiple AWS accounts in your organization. With Organizations, you can ensure that entities in your accounts can use only the services that meet your corporate security and compliance policy requirements. For example, you can restrict the use of AWS services that can modify settings for shared resources, such as AWS Direct Connect or Amazon Virtual Private Cloud (VPC) settings.

Automate the creation of AWS accounts for different resources

AWS Organizations makes it easy for you to automate the creation of new AWS accounts used for different resources. With a few simple API calls, you can create a new account and add the new account to a group. You can attach a Service Control Policy (SCP) to that group that only allows the use of the necessary AWS services. Through consolidated billing, you can automatically link the new accounts to a single payment method for simplified billing.

Create different groups of accounts for development and production resources

Creating groups of AWS accounts helps you manage policies across your accounts centrally. For example, you can create separate groups of accounts used for development and production resources, and then apply different policies to each group. You can attach a Service Control Policy (SCP) to the development group that allows the use of all AWS services for testing, and attach a different SCP to the production group that only allows access to authorized services.
