AWS Organizations

AWS Organizations is a service that enables you to centrally manage and govern your AWS accounts. It is important because it simplifies account management, allows you to enforce policies across multiple accounts, and provides consolidated billing.

What is AWS Organizations?
AWS Organizations is a tool that helps you centrally manage and govern your environment across multiple AWS accounts. It allows you to create groups of accounts, called Organizational Units (OUs), and apply policies to these groups. This enables you to enforce governance, security, and compliance policies across your accounts.

How AWS Organizations Works

• You create an organization and designate a master account.
• You invite or create member accounts and place them into OUs.
• You create Service Control Policies (SCPs) and attach them to the organization root, OUs, or individual accounts.
• SCPs define the maximum permissions for member accounts.
• You can centrally manage and monitor account activity.

• Understand the difference between SCPs and IAM policies. SCPs define the maximum permissions, while IAM policies define the actual permissions.
• Know that SCPs do not grant permissions; they only limit permissions that would otherwise be allowed.
• Remember that you can enable/disable AWS services using SCPs.
• Recognize scenarios where AWS Organizations would simplify management and governance across multiple accounts.