Learning AWS Day by Day — Day 73 — AWS Organizations

Saloni Singh

Exploring AWS !!

Day 73

AWS Organizations

AWS Organizations lets you centrally manage multiple AWS accounts that have been added to your "organization".
If you are an admin of an organization, you can invite existing AWS accounts to join it, or create new accounts directly in it.

Features:
Centralized management system
Consolidated billing for all member accounts
Control over account’s usage
Integration with IAM
Consistent data replication
Standardized tags across accounts

Pricing:
No additional charges. Charges apply only to the usage of other AWS services by all member accounts.

Ways to access:
Console: Organizations can be managed through the AWS Management Console in a browser.
Command-Line Tool: The service can be used through the CLI, which is faster than the console.
AWS SDKs: Provide libraries for writing code that accesses Organizations.
HTTPS Query API: Gives programmatic access to Organizations and its services.

Quotas:
Maximum and Minimum values:

Number of roots in an Organization: 1
Number of OUs: 1000
Number of policies: 1000
OU maximum nesting in a root: 5
Number of member accounts created concurrently: 5

Expiration time for Handshakes:
Invitation to join Organization: 15 days
Request to enable all features in Organization: 90 days
Handshake is deleted and no longer appears: 90 days

How does IAM work with Organizations?
1. Create groups of accounts with Organizations.
2. Attach SCPs (Service Control Policies) to those groups to centrally control the accounts.
3. Entities in AWS can only use services allowed by both the SCPs and the IAM policies for each account.
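
The rule in step 3, as an added example that is not part of the original post: a simplified Python model in which an action must be allowed by the SCPs at every level (root, OU, account) and by the account's IAM policies, with an explicit Deny overriding any Allow. It matches on Effect and Action only; the sample policies and the `decision`, `is_allowed` and `check` helpers are constructed for illustration.

```python
from fnmatch import fnmatchcase

def decision(policy, action):
    """Return "Deny", "Allow" or None for one policy (Effect/Action only)."""
    result = None
    for stmt in policy["Statement"]:
        patterns = stmt["Action"]
        if isinstance(patterns, str):
            patterns = [patterns]
        # IAM action names are case-insensitive and may use * and ? wildcards.
        if any(fnmatchcase(action.lower(), p.lower()) for p in patterns):
            if stmt["Effect"] == "Deny":
                return "Deny"          # explicit deny always wins
            result = "Allow"
    return result

def is_allowed(action, scp_levels, iam_policies):
    """scp_levels: SCPs attached at each level, ordered root -> OU(s) -> account."""
    for level in scp_levels:
        found = [decision(p, action) for p in level]
        # Every level must allow the action, and no SCP may deny it.
        if "Deny" in found or "Allow" not in found:
            return False
    # SCPs only set the ceiling; an IAM policy must still grant the action.
    found = [decision(p, action) for p in iam_policies]
    return "Deny" not in found and "Allow" in found

# Constructed sample policies (not from the original post).
ALLOW_ALL = {"Statement": [{"Effect": "Allow", "Action": "*"}]}
OU_GUARDRAIL = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:*", "ec2:Describe*", "cloudtrail:*"]},
    {"Effect": "Deny", "Action": "cloudtrail:StopLogging"},
]}
IAM_POLICY = {"Statement": [{"Effect": "Allow", "Action": [
    "s3:GetObject", "iam:CreateUser", "cloudtrail:StopLogging"]}]}

SCP_LEVELS = [[ALLOW_ALL], [OU_GUARDRAIL], [ALLOW_ALL]]  # root, OU, account

def check(action):
    return is_allowed(action, SCP_LEVELS, [IAM_POLICY])

if __name__ == "__main__":
    for a in ("s3:GetObject", "iam:CreateUser",
              "ec2:DescribeInstances", "cloudtrail:StopLogging"):
        print(f"{a:26} {'ALLOWED' if check(a) else 'DENIED'}")
```

Real AWS evaluation also takes Resource and Condition elements, permissions boundaries and resource-based policies into account, and SCPs do not restrict the organization's management account.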
