AWS Organizations helps you centrally govern your environment as you grow and scale your workloads on AWS. Whether you are a growing startup or a large enterprise, Organizations helps you to centrally manage billing; control access, compliance, and security; and share resources across your AWS accounts.
Manage and define your organization and accounts
AWS recommends a multi-account environment as a security and compliance best practice. By isolating your workloads or applications into individual accounts, you can control access to specific workloads using accounts and manage all of your accounts using AWS Organizations.
To accomplish this, you can create new AWS accounts programmatically using AWS Organizations, centrally provision accounts using AWS CloudFormation StackSets, and group them into organizational units (OUs) for management.
Control access and permissions
AWS Organizations works with AWS Single Sign-On to enable you to centrally deploy access to accounts in your organization for your employees. Using Service Control Policies (SCPs), you can apply permission guardrails on accounts to control which services, actions, and resources can be accessed across accounts in your organization.
Audit, monitor, and secure your environment for compliance
You can use AWS Organizations to centrally audit, monitor, and secure your AWS environment to ensure it is compliant with your corporate policies. For example, you can define an organization-wide AWS CloudTrail trail to centrally log all actions performed across your environment and protect it from modification at the account level. Other services available today include AWS Config, AWS CloudWatch Events, AWS Artifact, and AWS Firewall Manager. For a full list of AWS services integrated with AWS Organizations, see AWS Services That You Can Use with AWS Organizations.
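The two guardrail ideas above (SCPs that restrict which actions are reachable in member accounts, and an organization trail that member accounts must not be able to tamper with) can be combined in one SCP. The following is an added example, not code or policy from the AWS page: it defines a constructed SCP that keeps the default FullAWSAccess allow and adds an explicit Deny for the CloudTrail actions that would stop or alter logging, then evaluates how such a policy is applied. The evaluator implements the SCP rule that an explicit Deny always wins and that, with no matching Allow, an action is implicitly denied; it handles `Action` with `*` wildcards only (no `NotAction`, conditions, or resource matching), and the CLI commands are returned as strings with placeholder ids rather than executed, so the block runs offline.

```python
import fnmatch
import json

# Constructed example SCP (not from the page): keep the default allow-all and
# deny the actions a member account could use to switch off or change logging.
PROTECT_CLOUDTRAIL_SCP = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "FullAWSAccess", "Effect": "Allow", "Action": "*", "Resource": "*"},
        {
            "Sid": "DenyCloudTrailTampering",
            "Effect": "Deny",
            "Action": [
                "cloudtrail:StopLogging",
                "cloudtrail:DeleteTrail",
                "cloudtrail:UpdateTrail",
                "cloudtrail:PutEventSelectors",
            ],
            "Resource": "*",
        },
    ],
}


def _as_list(value):
    """IAM allows a single string or a list in Action; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _action_matches(patterns, action):
    """IAM action names are case-insensitive and support '*' / '?' wildcards."""
    return any(
        fnmatch.fnmatchcase(action.lower(), pattern.lower())
        for pattern in _as_list(patterns)
    )


def scp_permits(policy, action):
    """Return True if the SCP leaves `action` available to IAM in the account.

    SCP evaluation: an explicit Deny overrides every Allow, and an action with
    no matching Allow is implicitly denied. SCPs never grant permissions on
    their own; an IAM identity policy must still allow the action. Only the
    Action element with wildcards is modelled here (no NotAction/Condition).
    """
    allowed = denied = False
    for statement in policy["Statement"]:
        if "Action" not in statement:
            continue
        if _action_matches(statement["Action"], action):
            if statement["Effect"] == "Deny":
                denied = True
            elif statement["Effect"] == "Allow":
                allowed = True
    return allowed and not denied


def blocked_actions(policy, actions):
    """Subset of `actions` that the SCP blocks regardless of IAM grants."""
    return [a for a in actions if not scp_permits(policy, a)]


def attach_policy_commands(policy, target_id, name="ProtectCloudTrail"):
    """Return the AWS CLI commands that would create this SCP and attach it to
    an OU or account. Returned (not run) so the example stays offline;
    <policy-id> is a placeholder for the id that create-policy prints."""
    content = json.dumps(policy, separators=(",", ":"))
    return [
        "aws organizations create-policy --type SERVICE_CONTROL_POLICY "
        f"--name {name} --description 'Deny CloudTrail tampering' "
        f"--content '{content}'",
        f"aws organizations attach-policy --policy-id <policy-id> --target-id {target_id}",
    ]


if __name__ == "__main__":
    sample = ["cloudtrail:StopLogging", "cloudtrail:LookupEvents", "s3:GetObject"]
    print("blocked:", blocked_actions(PROTECT_CLOUDTRAIL_SCP, sample))
    for cmd in attach_policy_commands(PROTECT_CLOUDTRAIL_SCP, "<ou-or-account-id>"):
        print(cmd)
```

Attaching the SCP to an OU applies it to every account in that OU; SCPs do not affect the management account, so the organization trail's home account still needs its own IAM controls.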
Share resources across accounts
AWS lets you centrally define critical resources and make them available to accounts across your organization. For example, you can authenticate against your central identity store in applications such as WorkSpaces by creating a Managed Active Directory using AWS Directory Service and enabling applications deployed in other accounts to access it. Other services you can use to share resources include AWS Resource Access Manager (RAM), AWS Service Catalog, and AWS License Manager.
Centrally manage costs and billing
You can use AWS Organizations to consolidate usage across all accounts in your organization into a single bill. Additionally, you can manage your tax settings across accounts in your organization from a central Tax console, and utilize AWS Budgets and AWS Cost Explorer to gain insights into your AWS spending across your organization.