AWS Org
- It is used to centrally manage the AWS accounts using the Org Units (OU).
- When you create an organization, AWS Organizations automatically creates a root, which is the parent container for all the accounts in your organization.
- You can get one bill per AWS account.
- Here the star account ⭐ is the master account.
- Enable/disable the services on AWS using the Service Control Policies (SCP).
- Bucket policies are at the bucket level only.
- ACLs go down to the object level.
Danger
Do not use the paying account to deploy the resources.
Organizational units
In AWS Organizations, you can group accounts into organizational units (OUs) to make it easier to manage accounts with similar business or security requirements. When you apply a policy to an OU, all the accounts in the OU automatically inherit the permissions specified in the policy.
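
The inheritance rule above, modelled as an added Python example (not part of the original notes or of any AWS SDK): an action stays available to an account only if an SCP allows it at the root, at every OU above the account and on the account itself, and no SCP on that path denies it. The OU and account names and the attached statements are constructed, and `Resource` and `Condition` elements are ignored.

```python
from fnmatch import fnmatchcase

# Constructed sample organization: node -> parent (None marks the root).
PARENT = {
    "Root": None,
    "OU-Prod": "Root",
    "OU-Sandbox": "Root",
    "acct-prod-1": "OU-Prod",
    "acct-prod-2": "OU-Prod",
    "acct-sbx-1": "OU-Sandbox",
}

ALLOW_ALL = {"Effect": "Allow", "Action": ["*"]}

# Constructed SCP statements attached directly to each node.
ATTACHED = {
    "Root": [ALLOW_ALL],
    # Deny list: blocks CloudTrail tampering for every account under OU-Prod.
    "OU-Prod": [ALLOW_ALL, {"Effect": "Deny",
                            "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail"]}],
    # Allow list: only S3 and EC2 are enabled for accounts under OU-Sandbox.
    "OU-Sandbox": [{"Effect": "Allow", "Action": ["s3:*", "ec2:*"]}],
    "acct-prod-1": [ALLOW_ALL],
    "acct-prod-2": [ALLOW_ALL],
    "acct-sbx-1": [ALLOW_ALL],
}


def path_to_root(node):
    """Return [account, OU, ..., root] for a node in PARENT."""
    chain = []
    while node is not None:
        chain.append(node)
        node = PARENT[node]
    return chain


def matches(statement, action):
    """Case-insensitive wildcard match of an action against a statement."""
    return any(fnmatchcase(action.lower(), p.lower()) for p in statement["Action"])


def scp_permits(account, action):
    """True if the SCPs on the account and all its parents leave `action` available."""
    for node in path_to_root(account):
        statements = ATTACHED.get(node, [])
        if any(s["Effect"] == "Deny" and matches(s, action) for s in statements):
            return False  # an explicit Deny at any level wins
        if not any(s["Effect"] == "Allow" and matches(s, action) for s in statements):
            return False  # every level must also Allow the action
    return True
```

An SCP only caps what IAM policies inside the account can grant; it grants no permission by itself, and it does not apply to the management account.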