AWS Organizations
AWS Cloud
Get started with AWS Organizations

AWS Organizations offers policy-based management for multiple AWS accounts. With Organizations, you can create groups of accounts and then apply policies to those groups. Organizations enables you to centrally manage policies across multiple accounts, without requiring custom scripts and manual processes.

Using AWS Organizations, you can create Service Control Policies (SCPs) that centrally control AWS service use across multiple AWS accounts. You can also use Organizations to help automate the creation of new accounts through APIs. Organizations helps simplify the billing for multiple accounts by enabling you to setup a single payment method for all the accounts in your organization through consolidated billing. AWS Organizations is available to all AWS customers at no additional charge.

Introducing AWS Organizations
Introducing AWS Organizations
Centrally Manage Groups of Accounts

Centrally manage policies across multiple AWS accounts

AWS Organizations helps you manage policies for multiple AWS accounts. With Organizations, you can create groups of accounts, and then attach policies to a group to ensure the correct policies are applied across the accounts. Organizations enables you to centrally manage policies across multiple accounts, without requiring custom scripts and manual processes.

Control Individual Account Permissions at Scale

Control access to AWS services

With AWS Organizations, you can create Service Control Policies (SCPs) that centrally control AWS service use across multiple AWS accounts. SCPs put bounds around the permissions that AWS Identity and Access Management (IAM) policies can grant to entities in an account, such as IAM users and roles. For example, IAM policies for an account in your organization cannot grant access to AWS Direct Connect if access is not also allowed by the SCP for the account. Entities can only use the services allowed by both the SCP and the IAM policy for the account.

Automate AWS Account Creation

Automate AWS account creation and management

You can use the AWS Organizations APIs to automate the creation and management of new AWS accounts. The Organizations APIs enable you to create new accounts programmatically, and to add the new accounts to a group. The policies attached to the group are automatically applied to the new account. For example, you can automate the creation of sandbox accounts for developers and grant entities in those accounts access only to the necessary AWS services.

Simplify Billing

Consolidate billing across multiple AWS accounts

AWS Organizations enables you to set up a single payment method for all the AWS accounts in your organization through consolidated billing. With consolidated billing, you can see a combined view of charges incurred by all your accounts, as well as take advantage of pricing benefits from aggregated usage, such as volume discounts for Amazon EC2 and Amazon S3.

Learn more about the use cases below:

AWS-Organizations_GA-Launch_control

AWS Organizations’ Service Control Policies (SCPs) help you centrally control AWS service use across multiple AWS accounts in your organization. With Organizations, you can ensure that entities in your accounts can use only the services that meet your corporate security and compliance policy requirements. For example, you can restrict the use of AWS services that can modify settings for shared resources, such as AWS Direct Connect or Amazon Virtual Private Cloud (VPC) settings.

AWS-Organizations_GA-Launch_automated

AWS Organizations makes it easy for you to automate the creation of new AWS accounts used for different resources. With a few simple API calls, you can create a new account and add the new account to a group. You can attach a Service Control Policy (SCP) to that group that only allows the use of the necessary AWS services. Through consolidated billing, you can automatically link the new accounts to a single payment method for simplified billing.

AWS-Organizations_GA-Launch_group

Creating groups of AWS accounts helps you manage policies across your accounts centrally. For example, you can create separate groups of accounts used for development and production resources, and then apply different policies to each group. You can attach a Service Control Policy (SCP) to the development group that allows the use of all AWS services for testing, and attach a different SCP to the production group that only allows access to authorized services.


It’s easy to get started with AWS Organizations. Follow our console walkthrough to set up your organization in a few clicks. AWS Organizations is available to all AWS customers at no additional charge.

Get Started for Free