What benefits does AWS Organizations provide?
Consolidation of AWS billing (including using a single payment method).
Consolidation of reservations and volume discounts.
Service Control Policies
What is a Management Account?
A Management Account is the account that you use to create the organization. From the organization’s management account, you can do the following:
- Create accounts in the organization
- Invite other existing accounts to the organization
- Remove accounts from the organization
- Designate delegated administrator accounts
- Manage invitations
- Apply policies to entities (roots, OUs, or accounts) within the organization
- Enable integration with supported AWS services to provide service functionality across all of the accounts in the organization.
The management account has the responsibilities of a payer account and is responsible for paying all charges that are accrued by the member accounts. You can’t change an organization’s management account.
What do you call an AWS account that joins an Organization?
A Member Account.
What can be contained in the Organization Root?
Organizational Units (OU) or AWS accounts (both the Management Account and Member Accounts).
What are the two ways to add an AWS account to an Organization?
By inviting an existing AWS account to join the Organization or by creating a new AWS account directly within the Organization.
What does Role Switching do?
It allows a user to assume the role of another user within an Organization through the console GUI.
What are Service Controls Policies (SCP)?
They establish permissions for a Member AWS account within an Organization. This has the effect of limiting what the root user of that account can do because the SCP limits the entire account. SCPs do not grant permission to identities within the account, they simply limit what the account as a whole can do.
Is the Management Account impacted by Service Control Policies?
No.
-
AWS Basics24
-
CloudTrail7
-
CloudWatch4
-
Control Tower1
-
IAM: Identity and Access Management29
-
AWS Organizations8
-
S3: Simple Storage Service83
-
VPC: Virtual Private Cloud80
-
EBS: Elastic Block Store41
-
EKS: Elastic Kubernetes Service4
-
ECS: Elastic Container Service16
-
Route 5331
-
RDS: Relational Database Service46
-
DynamoDB2
-
Aurora16
-
EFS: Elastic File System5
-
High Availability & Scaling42
-
Lambda26
-
Event Bridge2
-
SNS: Simple Notification Service7
-
Step Functions5
-
API Gateway12
-
SQS: Simple Queue Service17
-
Kinesis12
-
Cognito6
-
Glue2
-
MQ3
-
AppFlow1
-
CloudFront29
-
ACM: AWS Certificate Manager10
-
Lambda@Edge5
-
Global Accelerator3
-
Site-to-Site VPN7
-
DX: Direct Connect11
-
Storage Gateway16
-
Snowball3
-
Directory Service3
-
DataSync5
-
FSx for Windows File Server6
-
FSx for Lustre5
-
Transfer Family5
-
Secrets Manager1
-
WAF: Web Application Firewall7
-
Shield2
-
CloudHSM6
-
Config5
-
Macie1
-
Inspector4
-
GuardDuty2
