
AWS Organizations provides policy-based management for multiple AWS accounts.

About AWS Organizations

AWS Organizations offers policy-based management for multiple AWS accounts. With Organizations, you can create groups of accounts, automate account creation, and apply and manage policies for those groups. Organizations enables you to centrally manage policies across multiple accounts, without requiring custom scripts and manual processes.

Using AWS Organizations, you can create Service Control Policies (SCPs) that centrally control AWS service use across multiple AWS accounts. You can also use Organizations to help automate the creation of new accounts through APIs. Organizations helps simplify the billing for multiple accounts by enabling you to set up a single payment method for all the accounts in your organization through consolidated billing. AWS Organizations is available to all AWS customers at no additional charge.
More information can be found here.

...


Benefits Of Using AWS Organizations In Cloudaware

  1. No need to manually add every AWS account

  2. Automate on-boarding of your AWS Accounts into Cloudaware

  3. Ability to see which AWS Organizational Accounts exist but are not in Cloudaware CMDB as AWS Accounts.

Requirements

  1. AWS Organization Master Account has been added to Cloudaware CMDB.

  2. Cloudaware has the following IAM permissions on AWS Organizations Master Account:

organizations:DescribeOrganization
organizations:ListRoots
organizations:ListOrganizationalUnitsForParent
organizations:ListAccountsForParent
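
The three list permissions above are enough to enumerate every account in an organization and compare the result with what has already been onboarded. The sketch below is an added example, not Cloudaware's code: it assumes a client with the same method names and response keys as boto3's `organizations` client, and `FakeOrg` with its IDs is constructed sample data so the walk runs offline.

```python
def _pages(call, key, **kwargs):
    """Yield items from a paginated Organizations list call (NextToken)."""
    while True:
        resp = call(**kwargs)
        yield from resp.get(key, [])
        if not resp.get("NextToken"):
            return
        kwargs["NextToken"] = resp["NextToken"]

def list_org_accounts(org):
    """Walk roots -> OUs -> accounts; return {account_id: ou_path}."""
    found = {}
    stack = [(r["Id"], r.get("Name", "Root")) for r in _pages(org.list_roots, "Roots")]
    while stack:
        parent_id, path = stack.pop()
        for acct in _pages(org.list_accounts_for_parent, "Accounts", ParentId=parent_id):
            found[acct["Id"]] = path
        for ou in _pages(org.list_organizational_units_for_parent,
                         "OrganizationalUnits", ParentId=parent_id):
            stack.append((ou["Id"], f"{path}/{ou['Name']}"))
    return found

def missing_from_inventory(org, onboarded_ids):
    """Accounts present in the organization but absent from the inventory."""
    onboarded = set(onboarded_ids)
    return {a: p for a, p in list_org_accounts(org).items() if a not in onboarded}

class FakeOrg:
    """Constructed sample data; stands in for boto3.client("organizations")."""
    tree = {"r-ex01": (["111111111111"], [("ou-ex01-prod", "Prod")]),
            "ou-ex01-prod": (["222222222222", "333333333333"], [])}

    def list_roots(self, **kw):
        return {"Roots": [{"Id": "r-ex01", "Name": "Root"}]}

    def list_accounts_for_parent(self, ParentId, NextToken=None):
        ids, i = self.tree[ParentId][0], int(NextToken or 0)
        page = {"Accounts": [{"Id": x} for x in ids[i:i + 1]]}  # one account per page
        if i + 1 < len(ids):
            page["NextToken"] = str(i + 1)  # forces the caller to paginate
        return page

    def list_organizational_units_for_parent(self, ParentId, NextToken=None):
        return {"OrganizationalUnits": [{"Id": i, "Name": n} for i, n in self.tree[ParentId][1]]}

if __name__ == "__main__":
    # Only the first account is onboarded; the other two are reported with their OU path.
    print(missing_from_inventory(FakeOrg(), {"111111111111"}))
```

Against a real organization, pass `boto3.client("organizations")` created with credentials for the Master Account in place of `FakeOrg()`.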

Overview Checklist

  1. Ensure AWS Organizations Master Account has a green status indicator in the Admin panel.

  2. Deploy the Cloudaware CloudFormation template to all AWS Organizational Accounts

  3. Request auto-adding of all AWS Organizational Accounts to Cloudaware CMDB

  4. AWS Organizational Accounts are now visible as AWS Account objects.

...

2. You should see at least one AWS Organization and N number of AWS Organizational Accounts.


...

If you do not see any AWS Organizations, there are two possible reasons:

  1. Insufficient permissions on AWS Organizations Master Account.

  2. AWS Organizations Master Account has not been added to Cloudaware.


Double-check the Requirements and Overview Checklist sections above.


STEP 2. Cloudaware Access To AWS Organizations Sub-Accounts

...

2. Deploy CloudFormation template on every AWS Organizations Sub-Account.

Note: When granting Cloudaware access to an AWS Organizations Sub-Account, the IAM External ID must be either blank or the same value for all AWS Organizations Sub-Accounts. See the screenshot below.

...



If you need instructions on how to download the template and execute CloudFormation Stack, click here.


Adding multiple AWS accounts with CloudFormation StackSets

...