Consolidating AWS Accounts to an ‘Organization’

It may be tempting for IT professionals to view Amazon Web Services (AWS) as an extension of their datacenter, with resources and services that are directly under their control, but reality often shows a different picture. In the real world, AWS usage is often organic, at least in the beginning. Different departments within an organization might use AWS resources for a specific project. This type of AWS usage is not wrong, but it can cause problems: it can lead to multiple accounts that are not connected to one another, which can be problematic if the organization is subject to regulatory standards.

AWS allows you to connect all the AWS accounts used within an organization under one centralized structure called an “Organization.” AWS Organizations was launched in February and provides policy-based management of multiple accounts.

It is easy to create an Organization. Log in to the AWS console to reach the home screen. AWS does not offer the option to create an Organization in the AWS services list. Instead, the option is in the Helpful tips section, located just below the list of services, as Figure 1 shows.

Figure 1: You can create an organization by clicking the Helpful Tips link.

Click the Start Now link below the Create an Organization option. The console will open the AWS Organizations screen, shown in Figure 2. As you can see, creating an Organization involves three steps: create accounts, organize accounts and apply policies.

Figure 2: It takes three steps to create an AWS Organization.

Click the Create Organization button to be taken to the Create New Organization screen. You have two options on this screen. The first is to enable all features, which allows you to implement policy-based controls and hierarchical management. The other option only allows for consolidated billing.
Select the option you prefer, then click “Create Organization”. You will now be taken to the AWS Organizations screen. As Figure 3 shows, your account is automatically added to the Organization. This screen includes columns that display the account ID and the date the account was added.

Figure 3: Your account has been automatically added to the Organization.

Figure 3 also shows an Add Account button, which allows you to add additional accounts to the Organization you have just created. Clicking the Add Account button takes you to the screen shown in Figure 4.

Figure 4: Create a new account or add to an existing one.

AWS allows you to add an existing account or create a new one. This is a great feature because IT can consolidate AWS accounts currently being used within the organization and can also provision any future AWS accounts.

An invitation is required to consolidate accounts. Each AWS account can be considered an independent entity, and IT cannot seize an account it does not own. IT must invite the account owner for the account to be added to the Organization. Click the Invite Account button shown in Figure 4. A
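To track how far consolidation has progressed once invitations are out, the following added example (not part of the original article) classifies a list of accounts known to be in use against the Organization's membership and invitation state, and flags whether the "all features" option was chosen. The input dictionaries are constructed samples using field names from the AWS Organizations API responses; the `KNOWN_IN_USE` inventory and the function name are hypothetical.

```python
# Constructed sample data (all IDs made up), shaped like the output of
# describe-organization, list-accounts and list-handshakes-for-organization.
DESCRIBE_ORG = {"Organization": {"Id": "o-exampleorg",
                                 "FeatureSet": "CONSOLIDATED_BILLING"}}
LIST_ACCOUNTS = {"Accounts": [
    {"Id": "111111111111", "Name": "it-main", "JoinedMethod": "CREATED"},
    {"Id": "222222222222", "Name": "marketing", "JoinedMethod": "INVITED"}]}
LIST_HANDSHAKES = {"Handshakes": [
    {"Action": "INVITE", "State": "OPEN", "Parties": [
        {"Id": "o-exampleorg", "Type": "ORGANIZATION"},
        {"Id": "333333333333", "Type": "ACCOUNT"}]},
    {"Action": "INVITE", "State": "DECLINED", "Parties": [
        {"Id": "o-exampleorg", "Type": "ORGANIZATION"},
        {"Id": "444444444444", "Type": "ACCOUNT"}]}]}
# Hypothetical inventory: account IDs IT knows departments are using.
KNOWN_IN_USE = ["111111111111", "222222222222", "333333333333",
                "444444444444", "555555555555"]
PENDING = ("REQUESTED", "OPEN")

def consolidation_report(org, accounts, handshakes, known_ids):
    """Classify each known account by how far consolidation has progressed."""
    members = {a["Id"] for a in accounts["Accounts"]}
    invites = {}  # account ID -> invitation state, pending states win
    for h in handshakes["Handshakes"]:
        if h["Action"] != "INVITE":
            continue
        for party in h["Parties"]:
            # E-mail invitations (Type EMAIL) carry no account ID to match.
            if party["Type"] == "ACCOUNT" and invites.get(party["Id"]) not in PENDING:
                invites[party["Id"]] = h["State"]
    report = {"member": [], "invite_pending": [], "invite_failed": [],
              "not_invited": []}
    for acct in known_ids:
        if acct in members:
            report["member"].append(acct)
        elif invites.get(acct) in PENDING:
            report["invite_pending"].append(acct)
        elif invites.get(acct) in ("DECLINED", "EXPIRED", "CANCELED"):
            report["invite_failed"].append(acct)
        else:
            report["not_invited"].append(acct)
    # Policy-based controls need the "all features" option, not billing only.
    report["policy_controls_available"] = org["Organization"]["FeatureSet"] == "ALL"
    # Members of the Organization that the inventory does not list.
    report["unlisted_member"] = sorted(members - set(known_ids))
    return report

if __name__ == "__main__":
    print(consolidation_report(DESCRIBE_ORG, LIST_ACCOUNTS, LIST_HANDSHAKES, KNOWN_IN_USE))
```

Accounts reported as `not_invited` or `invite_failed` are the ones still outside central management and need an invitation sent to their owner.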