How to House Multiple Accounts Within an AWS Organization
Using the AWS Organizations Feature
The AWS Organizations feature provides functionality for centralized account management. It allows you to group multiple accounts into organizational units (OUs) and, in turn, apply policies to OUs instead of directly to accounts. This type of consolidation becomes extremely valuable as you scale your AWS resources.
In this demo, AWS expert Mike Wise will teach you how to invite or create accounts for your organization by performing the following actions:
- From the AWS Management Console, navigate to My Organization in your IAM user account settings.
- On the AWS Organizations page, select Add Account.
- Select Invite Account, which allows you to invite an existing account into your organization, or Create Account, which allows you to create an AWS account within your organization.
- Provide the full name, email, and IAM role name for the account you’d like to create.
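The same two actions can be scripted through the AWS Organizations API, where account creation is asynchronous and has to be polled for its result. The following is an added example, not part of the original demo. It uses the boto3 operations create_account, describe_create_account_status and invite_account_to_organization. The function names, the stub client, and the sample account name, email and IDs are constructed for illustration.

```python
import time

DEFAULT_ROLE = "OrganizationAccountAccessRole"  # name AWS uses if RoleName is omitted

def create_member_account(org, name, email, role_name=DEFAULT_ROLE,
                          poll_seconds=5, max_polls=60, sleep=time.sleep):
    """'Create Account': org is boto3.client("organizations") in real use,
    built from management-account credentials."""
    # The role named here is created in the new account with administrator
    # permissions and trusts the management account, so scope who may assume it.
    started = org.create_account(AccountName=name, Email=email, RoleName=role_name)
    request_id = started["CreateAccountStatus"]["Id"]
    # Creation is asynchronous: poll the request until it succeeds or fails.
    for _ in range(max_polls):
        status = org.describe_create_account_status(
            CreateAccountRequestId=request_id)["CreateAccountStatus"]
        if status["State"] == "SUCCEEDED":
            return status["AccountId"]
        if status["State"] == "FAILED":
            raise RuntimeError("create failed: " + status.get("FailureReason", "unknown"))
        sleep(poll_seconds)
    raise TimeoutError("request " + request_id + " is still in progress")

def invite_existing_account(org, account_id):
    """'Invite Account': send a handshake the target account must accept."""
    reply = org.invite_account_to_organization(
        Target={"Id": account_id, "Type": "ACCOUNT"})
    return reply["Handshake"]["Id"]

class StubOrganizations:
    """Constructed stand-in for the boto3 client so the example runs offline."""
    def __init__(self, states):
        self.states, self.created = list(states), None

    def create_account(self, **kwargs):
        self.created = kwargs
        return {"CreateAccountStatus": {"Id": "car-constructed", "State": "IN_PROGRESS"}}

    def describe_create_account_status(self, CreateAccountRequestId):
        return {"CreateAccountStatus": self.states.pop(0)}

    def invite_account_to_organization(self, Target):
        return {"Handshake": {"Id": "h-constructed", "State": "OPEN"}}

if __name__ == "__main__":
    stub = StubOrganizations([{"State": "IN_PROGRESS"},
                              {"State": "SUCCEEDED", "AccountId": "111111111111"}])
    print(create_member_account(stub, "dev", "dev@example.com", sleep=lambda s: None))
    print(invite_existing_account(stub, "222222222222"))
```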
For a visual guide on how to house multiple accounts within an AWS organization, watch the full demo.
So, what you’re going to need to do is log in to your AWS Management Console and then you’re going to need to go up to the top. You’re going to need to go to where it says “My Organization.” An important thing to note is that you’re going to have to have sufficient privileges to be able to access this, so you’re going to need to be an administrator. If you go to “My Organization,” it will take you to this screen. Now, when you initially are going to set up your organization, it’s going to take you through some setup steps that are going to let you define which account is going to be the organizational level account. In this case, you can see that we’ve defined the organizational level account, but there aren’t any other accounts attached. If I wanted to add an account into this organization, I would go to “Add Account.” You can either use the “Invite Account” feature or the “Create Account” feature. The “Create Account” feature will allow you to create a new account within the organization whereas the “Invite Account” feature will allow you to put a pre-existing account into the organization. So, you click one of these boxes, we’ll just use the “Create Account” function in this case, and it will allow you to define the account name, the email address that’s going to be the primary account on it, and the IAM role that’s going to allow for account access for this account.