House Accounts in CloudTrail
Using the AWS Organizations Feature
To securely create a multi-account AWS environment, we recommend housing AWS accounts within an organization. The AWS Organizations feature provides centralized account management. It allows you to group multiple accounts into organizational units (OUs) and, in turn, apply policies to OUs instead of directly to accounts. This type of consolidation becomes extremely valuable as you scale your AWS resources and architecture.
For more information, visit the AWS documentation for AWS Organizations best practices.
Account architecture within AWS is a complex topic. Users should ensure that the accounts in their environment are defined under an organization, which gives them a logical grouping of accounts that the organization manages. Working at the organizational level also makes it possible to implement specific features, such as CloudTrail, for the whole organization, which ensures that any account created has defined CloudTrail trails enabled by default.
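One way to check the CloudTrail point above, as an added example that is not part of the original page: the function below audits output in the shape returned by `aws cloudtrail describe-trails` and `aws cloudtrail get-trail-status` and reports whether an organization trail exists and is healthy. The trail names, account IDs and ARNs are constructed placeholders, and the multi-region and log file validation checks go beyond what the page states.

```python
import json

# Constructed sample in the shape of `aws cloudtrail describe-trails` output.
# Account IDs, names and ARNs are placeholders, not real resources.
SAMPLE_TRAILS = json.loads("""
{"trailList": [
  {"Name": "dev-local-trail",
   "TrailARN": "arn:aws:cloudtrail:us-east-1:111111111111:trail/dev-local-trail",
   "IsOrganizationTrail": false, "IsMultiRegionTrail": true,
   "LogFileValidationEnabled": true},
  {"Name": "org-trail",
   "TrailARN": "arn:aws:cloudtrail:us-east-1:222222222222:trail/org-trail",
   "IsOrganizationTrail": true, "IsMultiRegionTrail": false,
   "LogFileValidationEnabled": true}
]}
""")

# Constructed: TrailARN -> IsLogging, as reported by `aws cloudtrail get-trail-status`.
SAMPLE_LOGGING = {
    "arn:aws:cloudtrail:us-east-1:111111111111:trail/dev-local-trail": True,
    "arn:aws:cloudtrail:us-east-1:222222222222:trail/org-trail": True,
}


def audit_org_trails(describe_trails, logging_by_arn):
    """Return findings; an empty list means every organization trail is healthy."""
    org_trails = [t for t in describe_trails.get("trailList", [])
                  if t.get("IsOrganizationTrail")]
    if not org_trails:
        # Account-level trails do not follow newly created member accounts.
        return ["no organization trail: new accounts are not logged by default"]
    findings = []
    for trail in org_trails:
        problems = []
        if not logging_by_arn.get(trail["TrailARN"], False):
            problems.append("not logging")
        if not trail.get("IsMultiRegionTrail"):
            problems.append("single-region")
        if not trail.get("LogFileValidationEnabled"):
            problems.append("log file validation disabled")
        if problems:
            findings.append(f"{trail['Name']}: {', '.join(problems)}")
    return findings


if __name__ == "__main__":
    for finding in audit_org_trails(SAMPLE_TRAILS, SAMPLE_LOGGING):
        print(finding)
```

The account-level trail in the sample is ignored on purpose: only a trail with `IsOrganizationTrail` set covers accounts added to the organization later.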