AWS Organizations

Published: Wednesday, 19 January 2022

A single AWS account can manage several other AWS accounts as members of an organization. One pattern is to create a separate member account for each combination of application and environment. Benefits include:

  • Consolidated billing and reporting across all member accounts.
  • Service quotas and resource limits that apply per account, so one workload cannot exhaust another's.
  • Easier complete teardown of an environment, since everything it owns lives in one account.
  • Reduced blast radius in case of a compromise or other unintended action.

Member Account Creation and Setup

There needs to be a top-level management account, whose root user supplies the billing details for the whole organization. This is the management account.

Every AWS account needs its own working email address, so create one before creating a new member account.

When setting up multiple member accounts, consider

  • a naming convention for the email address and the AWS account names,
  • tags for querying the member accounts.

In the console, go to AWS Organizations > AWS accounts > Add an AWS account > Create an AWS account.

If an account is created independently (outside the organization) then billing details may have to be provided during signup.
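The naming convention, tagging and account creation described above, scripted against the AWS CLI as an added example (this is not code from the original article). The shared mailbox, the "+" sub-addressing scheme and the Application/Environment tag keys are assumptions; the script must be run with management-account credentials.

```shell
# Added example, not from the article: name, address and tag member accounts per app/env pair,
# then create them via AWS Organizations. Mailbox, "+" sub-addressing and tag keys are assumptions.
set -eu

# Shared mailbox that receives one unique address per member account (assumes "+" sub-addressing).
AWS_ROOT_MAILBOX="${AWS_ROOT_MAILBOX:-aws-root@example.com}"
# account_name APP ENV  -> "payments-prod"
account_name() { printf '%s-%s\n' "$1" "$2"; }
# account_email APP ENV -> "aws-root+payments-prod@example.com" (each AWS account needs a distinct address)
account_email() {
  printf '%s+%s@%s\n' "${AWS_ROOT_MAILBOX%@*}" "$(account_name "$1" "$2")" "${AWS_ROOT_MAILBOX#*@}"
}
# account_tags APP ENV  -> CLI shorthand tag list; the same keys are used to query accounts later
account_tags() { printf 'Key=Application,Value=%s Key=Environment,Value=%s\n' "$1" "$2"; }

# create_member_account APP ENV -> prints the id of the asynchronous CreateAccount request
create_member_account() {
  # account_tags is intentionally word-split into two Key=...,Value=... arguments
  aws organizations create-account \
    --email "$(account_email "$1" "$2")" --account-name "$(account_name "$1" "$2")" \
    --tags $(account_tags "$1" "$2") --query 'CreateAccountStatus.Id' --output text
}

# wait_for_account REQUEST_ID -> polls until creation finishes, prints the new account id
wait_for_account() {
  req="$1"
  while :; do
    set -- $(aws organizations describe-create-account-status --create-account-request-id "$req" \
      --query '[CreateAccountStatus.State, CreateAccountStatus.AccountId]' --output text)
    case "$1" in
      SUCCEEDED) echo "$2"; return 0 ;;
      FAILED)    echo "account creation failed for request $req" >&2; return 1 ;;
      *)         sleep 10 ;;
    esac
  done
}

# list_accounts_for_env ENV -> ids of member accounts tagged Environment=ENV (e.g. before a teardown)
list_accounts_for_env() {
  for id in $(aws organizations list-accounts --query 'Accounts[].Id' --output text); do
    n="$(aws organizations list-tags-for-resource --resource-id "$id" \
      --query "length(Tags[?Key=='Environment' && Value=='$1'])" --output text)"
    if [ "$n" != "0" ]; then echo "$id"; fi
  done
}

# Usage from the management account: sh member-account.sh APP ENV
if [ "$#" -eq 2 ]; then
  echo "created account $(wait_for_account "$(create_member_account "$1" "$2")")"
fi
```

`list_accounts_for_env prod` gives the account ids to work through when tearing an environment down, one closure per account.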

Member Account Termination

  1. Log in to the member account as the AWS root user.
  2. Review the billing breakdown and terminate all services.
  3. Close the account.
  4. Log in to the management account and remove the member account from the organisation.

A member account that has not been closed cannot be removed from the organisation unless it has valid billing details of its own.