AWS Organizations is a free governance tool that lets users create and manage multiple AWS accounts. It helps in managing multiple users’ accounts from a single location or account, rather than switching every time from one account to another. It is a tool for the centralization and governance of all user’s AWS accounts.

With the help of AWS Organizations, users can create new AWS accounts, link the existing accounts, and share resources among the accounts. AWS users can also centralize their logs and also set policies on how their AWS accounts will be managed.

An AWS user can assign a single AWS account to hold their logs by integrating with AWS CloudTrail. Billing can easily roll up to a single account for payment for all accounts. Reserved Instances can be shared across multiple accounts. This helps users in paying for the Reserved Instances through a centralized system.

The maximum limit of user accounts under AWS organizations is 10. This can also be changed by contacting AWS Support. Setting up AWS Organizations is free of cost. Users will only be billed for the resources utilized in each account.

Components of AWS Organizations:

• Management/Master account – This is the master account in AWS Organizations that has all the administrative rights for all accounts under that particular AWS Organization. It is used to centrally manage all accounts and handle the billing and logs of all accounts in the Organization.
   
• Member account – The accounts in AWS Organization other than the Master account are called member accounts. These can be existing accounts or new accounts added to AWS Organization.
   
• Organization Units (OU) – The unit in which all accounts are grouped are called Organization Units (OU). Multiple OUs can be created in an Organization, and they can be nested within each other.
   
• Policies – AWS Organization provides various policies that help in restricting or setting boundaries for each account. The most important policy provided is the Service Control Policy (SCP). We’ll discuss this in a little more detail ahead.

AWS Organizations Policies:

• AI services opt-out policies – If it is enabled, it allows AI services to store and use your content.
• Backup policies – These are used to enable organization-wide plans for backup to help in compliance. It helps you in maintaining consistency.
• Service Control Policies –  This is the most important policy of AWS Organizations. These help in limiting the accounts within the organization’s access control guidelines.
• Tag policies – These are used to set standards for resources that are tagged in AWS. Users can define the tag keys and their allowed values in this policy.

Service Control Policies (SCP):

Service Control Policies are used with AWS Organizations to create certain policies. It is a document that is used to manage or create permissions or guidelines for users or resources inside your AWS account. This can set limits on what users can do inside an AWS account.

Once implemented, they are applied to each and every resource inside that account. They are the best way to restrict permissions to users or resources. It can also be applied to the Root account. It can be found under AWS Organizations → Policies → Service Control Policies.

AWS Organization Features:

• Centralized Management: Users can link all accounts into a single organization and centrally manage them. Users can add new or existing accounts in AWS into Organizations.
• Central billing for all accounts: The billing of each resource utilized in accounts present in AWS Organizations can be done from one master account. This saves a lot of time and effort.
• Grouping of accounts: Accounts can be grouped in AWS Organizations, either normally or in a hierarchical form. Users can create different Organization Units (OU) with different access levels and can nest OUs inside each other.
• Policies: Users can set policies in AWS Organizations to set boundaries for each account and restrict their activities according to their role.
• Integration with IAM service: AWS Organizations can be integrated with AWS Identity and Access Management (IAM) to set up roles for users and accounts.
• Integration with other AWS services: AWS Organization can be integrated with other AWS services like AWS backup, CloudTrail, etc.
• Free to use: Setting up and using AWS Organization is free of charge. The user is only charged for the resources used by each account.
   

Advantages of Using Organizations

• Quick Scaling of your environments: Using AWS Organizations, users can quickly scale their environment by adding and grouping new accounts. Users can add new accounts to a group and create fresh ones programmatically, owing to the Organization’s APIs. The new account will instantly be covered by the group’s policies.
• Grouping accounts: Accounts can be grouped in a systematic and hierarchical way which makes them easy to use.
• Efficiently provision resources across accounts: Instead of using duplicate resources for different accounts using AWS Resource Access Manager (RAM) with AWS Organization, users can share resources between accounts in that Organization.
• Centrally manage and govern multiple accounts: Users can have master accounts having admin access and can manage all accounts inside that Organization centrally.
• Set limits to what users can do using SCP’s: The user has the option to set policies in AWS Organization which helps in setting boundaries and restricting each account.
• Manage costs and logs centrally: Billing and logs of each account inside AWS Organizations can be handled centrally and in a consolidated manner.

Use Cases of AWS Organizations:

1. Grouping various accounts in AWS.
2. Restricts access to accounts via a single account.
3. Billing and costs are to be checked and paid via a single account, i.e. centrally.
4. Share resources between various accounts.
5. Set up prod or dev or foundation OU accounts.
6. Set up accounts in a hierarchical or nested manner.

Conclusion:

To conclude, AWS Organizations is a great service provided by AWS to consolidate all your accounts into one place known as Organization. It helps in using as well as managing the different accounts also their costs from a single place rather than doing it individually. This helps users a lot in saving their time and effort in the management of these multiple accounts. At the start, it might feel a little complex to use but as the user keeps on learning this helps in saving a lot of time, effort, and money.