AWS Organizations features

AWS accounts are natural boundaries for resources, permissions, security, costs, and workloads. Using a multi-account environment is a recommended best-practice when scaling your cloud environment. You can simplify account creation by programmatically creating new accounts using the AWS Command Line Interface (CLI), SDKs, or APIs, and centrally provision recommended resources and permissions to those accounts with AWS CloudFormation StackSets .

As you create new accounts, you can group them into organizational units (OUs), or groups of accounts that serve common purpose, such as single application or service. You can integrate with supported AWS services and delegate responsibility for supported AWS services and AWS Organizations to member accounts so users can manage them on behalf of your organization. Apply management policies such as backup, tag, declarative policies, and more for additional management capabilities in your organization.

You can centrally provide tools and access for your security team to manage security needs on behalf of the organization. For example, you can provide read-only security access across accounts, detect and mitigate threats with AWS Config, Amazon GuardDuty, and AWS Security Hub, review unintended access to resources with IAM Access Analyzer, and secure sensitive data with Amazon Macie.

Set up AWS IAM Identity Center to provide access to AWS accounts and resources using your preferred identity source, and customize permissions based on separate job roles. You can use service control policies (SCPs) to centralize access controls for principals, resource control policies (RCPs) for resources, and declarative policies for automated security enforcement, allowing you to establish and maintain consistent permissions and security controls across all accounts in your organizationms.

You can apply declarative policies to enforce durable intent such as baseline configuration for an AWS service across your organization. Once you attach a declarative policy, the configuration is maintained when new features, APIs are added, and enforced regardless of authorization context.

AWS Organizations offers over 45 service integrations to help you consistently govern them across multiple accounts. It allows organizations to leverage AWS services effectively, ensuring consistent configurations and security controls at scale.

AWS Organizations provides you with a single consolidated bill across all your accounts. In addition, you can view usage from resources across accounts and track costs using AWS Cost Explorer, and optimize your usage of compute resources using AWS Compute Optimizer, AWS Cost Optimization Hub, Amazon S3 Storage Lens, and additional cost optimization services.