In this post, I make available my notes on AWS Organization, made from Adrian Cantrill’s course AWS Certified Solutions Architect – Associate (SAA-C02). The Q&A session below can be used to validate your knowledge or create flashcards for study. Since this is knowledge under construction, there may be mistakes; drop a comment with any suggestions.
AWS Organization is a product that helps you manage multiple AWS Accounts. One of the main benefits is consolidated bills from multiple accounts by having a single payment method and a single bill. It also allows consolidation of resource usage which has discounts as more resources are used.
An AWS account that is neither part of an AWS Organization nor has an Organization inside is known as a Standard AWS Account. Once you create the AWS Organization, it becomes a “Management Account”, also known as “Master Account” or Payer Account.
A “Management Account” can invite existing accounts to join the organization and become a “Member Account”. These accounts can be organized in groups as a hierarchical tree.
AWS Organization can also create AWS Accounts, which gives you the ability to have a central AWS Account for IAM Users. This also allows you to use a “Role Switch” to allow ID Federation users to have access to your accounts. The “Role Switch” can delegate the assumed role for other accounts within your Organization.
The “Organization Root” is the top level of the “Management Account” and can organize the accounts in a hierarchical, tree-like structure with one or more Organization Units (OU). An Organization Unit (OU) is an AWS Account that has other member accounts or Organization Units. Do not confuse the Organization Root with the Root User: they are different, since the Root User is the default user with full privileges on your AWS Account.
Service control policies (SCPs) are a type of organization policy that you can use to manage permissions in your organization.
What is AWS Organization?
A product that helps you manage multiple AWS Accounts.
What are the main benefits of the AWS Organization?
Consolidated bills from multiple accounts by having a single payment method and a single bill.
How can AWS Organization help you save money?
It allows consolidation of resource usage, which has discounts as more resources are used.
What is a Standard AWS Account?
An AWS account that is not part of an AWS Organization nor has an Organization inside.
What is the name of the AWS Account without an "AWS Organization"?
Standard AWS Account
What is the name of the AWS Account that has the "AWS Organization"?
"Management Account", also known as "Master Account" or Payer Account.
How does a Standard Account become part of an Organization?
By accepting the invitation to join the organization.
What is a Member Account?
An AWS Account that joined the Organization.
How does "Master Account" organize its member accounts?
In groups as a hierarchical tree.
What ability does AWS Organization give you related to IAM Users?
To have a central AWS Account for IAM Users when the account was created by the AWS Organization service.
What is "Role Switch"?
A type of Role that allows ID Federation users to have access to your accounts and can delegate the assumed role for other accounts within your Organization.
What is "Organization Root"?
The top level of the "Management Account".
How does an "Organization Root" organize accounts?
In a hierarchical, tree-like structure with one or more Organization Units (OU).
What is "Organization Unit" (OU)?
An Organization Unit (OU) is a logical grouping of accounts in your organization.
What is the difference between "Organization Root" and "Root User"?
Root User is the default user with full privileges on your AWS Account. Organization Root is the top level of the Management Account.
What are Service Control Policies (SCPs)?
A type of organization policy that you can use to manage permissions in your organization.