AWS Organizations
Definition
AWS service for centrally managing multiple AWS accounts. It works like a corporate headquarters that manages all branch offices with consistent policies.
Use Cases
- Netflix: Multi-account governance for separating environments and teams while maintaining centralized security controls. — Uses multiple AWS accounts for isolation (e.g., production vs. non-production and team ownership) and applies organization-level guardrails using Organizational Units and Service Control Policies (SCPs). Consolidated billing is used to aggregate spend across accounts. (Improved blast-radius reduction through account isolation, more consistent security controls across accounts, and simpler centralized cost management.)
- Airbnb: Centralized governance and billing across many AWS accounts used by different engineering groups. — Organizes accounts into OUs aligned to environments and workloads, applies SCPs to restrict high-risk actions, and uses consolidated billing to manage costs across accounts. (More consistent governance across teams, reduced operational overhead for account management, and clearer cost allocation across business units.)
- Expedia Group: Enterprise-scale AWS account management for multiple brands and teams with standardized security requirements. — Structures accounts under AWS Organizations with OUs for different brands/environments, applies SCP-based guardrails, and centralizes billing and account provisioning processes. (Standardized security posture across a large account fleet and improved administrative efficiency for managing many accounts.)
Provider Equivalents
- AWS: AWS Organizations
- Azure: Azure Management Groups
- GCP: Google Cloud Resource Manager (Organization/Folder hierarchy)
- OCI: OCI Organizations (Tenancy hierarchy) and Compartments
Frequently Asked Questions
- What's the difference between AWS Organizations and AWS Control Tower?
  - AWS Organizations is the core service that lets you group and manage multiple AWS accounts, apply Service Control Policies (SCPs), and use consolidated billing. AWS Control Tower builds on AWS Organizations to set up a multi-account landing zone with opinionated best practices, automated guardrails, and account provisioning workflows. In many environments, Organizations is the foundation, and Control Tower is the guided setup and governance layer on top.
- When should I use AWS Organizations?
  - Use AWS Organizations when you have (or plan to have) more than one AWS account and need centralized governance. Common triggers include: separating production and non-production accounts, isolating teams or workloads for security, applying consistent restrictions with SCPs, centralizing billing and cost allocation, and delegating administration (for example, security or logging accounts) across an enterprise.
- How much does AWS Organizations cost?
  - AWS Organizations itself has no additional charge for creating an organization and OUs or for using consolidated billing. However, you may incur costs from related services you enable or manage through the organization (for example, CloudTrail, Config, GuardDuty, Security Hub, centralized logging, or cross-account data transfers). Always review pricing for the specific AWS services you turn on across member accounts.
Category: software
Difficulty: advanced