AWS Organizations のアイコン

AWS Organizations Popular2016年〜

A service for centrally managing multiple AWS accounts

About 2 min read

What It Does

AWS Organizations is a service for managing multiple AWS accounts as a single organization. It provides account creation, grouping (OUs), permission control through Service Control Policies (SCPs), and cost management through Consolidated Billing.

Use Cases

Used for implementing multi-account strategies (separating production, development, and staging), managing accounts by department, applying organization-wide security policies, and leveraging volume discounts through consolidated billing.

Everyday Analogy

Think of it like a holding company for a corporate group. The holding company (management account) oversees subsidiaries (member accounts), establishes group-wide rules (SCPs), and consolidates accounting (billing). Each subsidiary operates independently while following the group's governance.

What Is Organizations?

AWS Organizations is the foundational service for AWS multi-account management. AWS best practices recommend separating accounts by workload and environment. Organizations lets you manage these accounts hierarchically and apply unified governance. Organizations itself is free to use.

OUs and Service Control Policies

Organizational Units (OUs) are a mechanism for grouping accounts. For example, you might create 'Production OU,' 'Development OU,' and 'Security OU.' Service Control Policies (SCPs) define the maximum permissions applied to OUs or accounts. SCPs can prohibit the use of specific regions or restrict the use of certain services. To broaden your knowledge of OUs and Service Control Policies, specialized books (Amazon) can also be useful.

Getting Started

Click 'Create organization' in the Organizations console, and your current account becomes the management account. Add member accounts by creating new ones or inviting existing ones. Create OUs, place accounts in them, and apply SCPs to establish governance. Using Control Tower alongside it lets you automatically build a multi-account environment based on best practices.

Things to Watch Out For

  • SCPs do not apply to the management account, so avoid running workloads in the management account
  • SCPs define the maximum permissions. Final access permissions are determined by the combination of SCPs and IAM policies
  • Organizations itself is free, but charges apply for the resources consolidated under consolidated billing
共有するXB!

Related Services

AWS Control Tower iconAWS Control TowerA service that automates multi-account environment setup and governanceAWS IAM iconAWS IAMAn authentication and authorization service for securely managing access to AWS resourcesAWS CloudTrail iconAWS CloudTrailA service that records and monitors API activity in your AWS accountAWS IAM Identity Center iconAWS IAM Identity CenterA service that provides single sign-on to multiple AWS accounts and SaaS applications

Related Articles

Retrieving Compliance Reports with AWS Artifact - Audit Response and Agreement ManagementLearn how to retrieve SOC, PCI DSS, and ISO audit reports on demand and apply BAA and GDPR DPA agreements across your entire AWS Organizations structure.The Hidden Structure of AWS Account IDs' 12 Digits - Why 12 Digits, and What Can You Infer?A trivia-style exploration of why AWS account IDs are 12-digit numbers, the design intent embedded in the ARN structure, and the security considerations around what can be inferred from an account ID.Tag Design Determines Operations - Trivia and Practical Naming Conventions for AWS Resource Tagging StrategyWe explain why AWS resource tags are not just labels but the foundation for cost allocation, access control, and automation, covering tag key naming conventions, how to use the 50-tag limit, and governance through tag policies.Why the AWS Account Root User Is Dangerous - The Design Philosophy of Privilege Separation and Practical LockdownWe explain why the AWS root user holds privileges that cannot be restricted by IAM, list the operations only the root user can perform, cover MFA setup methods, and describe the lockdown strategy using Organizations' centralized root access management.Cloud Cost Budget Management - Spending Controls and Alerts with AWS BudgetsLearn how to set budgets, configure cost alerts, and automate actions with AWS Budgets. This article covers choosing budget types, comparing Budgets with Cost Explorer, and managing organization-wide budgets through Organizations integration.

More in This Category

AWS AppFabric iconAWS AppFabric NewA service that standardizes and aggregates audit logs from SaaS applicationsAWS AppConfig iconAWS AppConfig SpecializedA service for safely deploying and managing application configurationAWS Chatbot iconAWS Chatbot SpecializedAn interactive agent that delivers AWS notifications and enables resource operations through Slack and Microsoft TeamsAWS CloudFormation iconAWS CloudFormation EssentialAn IaC service that defines and provisions AWS resources as code using templatesAWS CloudTrail iconAWS CloudTrail EssentialA service that records and monitors API activity in your AWS accountAmazon CloudWatch iconAmazon CloudWatch EssentialA service that provides monitoring, log management, and alarms for AWS resources and applicationsAWS Config iconAWS Config PopularA service that records and evaluates AWS resource configuration changes and continuously monitors complianceAWS Control Tower iconAWS Control Tower PopularA service that automates multi-account environment setup and governance

Similar Articles and Services

AWS OrganizationsAn account management service that centrally manages multiple AWS accounts as an organization, with consolidated billing and service control policies for governanceMulti-Account Management - Organization-Wide Governance with AWS Organizations and RAMLearn how to deploy CloudTrail, Config, GuardDuty, and Security Hub across all accounts using the Organizations delegated administrator model, achieving unified security and compliance management.Multi-Account Management with AWS Organizations - OU Design and Governance with SCPsEstablish governance for multi-account environments through OU hierarchy design and SCP-based access control. Also covers cost management with consolidated billing.Multi-Account Strategy and AWS Organizations - The Optimal Approach to Cloud GovernanceEstablish security boundaries and optimize cost allocation through OU hierarchy design and SCP governance controls in Organizations. This article covers the full picture of multi-account operations, including Control Tower guardrails and consolidated billing.AWS Multi-Account Governance - Organizational Control with Organizations, Control Tower, and SCPsThis article examines the multi-account governance mechanisms centered on AWS Organizations, Control Tower, and SCPs (Service Control Policies), comparing them with Azure Management Groups to explain the differences in enterprise governance design capabilities.