This playbook explains the account hierarchy and account naming conventions to be followed under AWS Organizations, using organizational units (OUs), AWS accounts, SCPs, etc. Please ensure that the standards in this document are followed for any AWS account created at CAW Studios.
What is AWS Organization?
AWS Organizations is a service that allows you to manage and govern multiple AWS accounts centrally. Some of the terminologies used in AWS Organizations include:
- AWS Organization: It is the top-level container for all the AWS accounts you want to manage using AWS Organizations.
- Account: An AWS account is a container for resources, such as EC2 instances, S3 buckets, and Lambda functions, used to run your applications and services.
- Organizational unit (OU): An OU is a container within an organization that groups accounts together based on business function or application.
- Root: The root is the highest level of an organization and is created automatically when you create an organization.
- Service control policies (SCPs): SCPs allow you to control actions performed in an account or OU.
- Policy: A policy is a document that defines the rules and regulations used to govern the use of resources within an organization.
- Tag: You can assign a label to AWS resources, such as EC2 instances, S3 buckets, and Lambda functions, to help you organize and manage them.
- Master account: The master account is the account that is used to create and manage an organization.
- Member account: A member account is an AWS account associated with an organization.
- Cross-account access: Cross-account access allows you to grant access to resources in one account to users or resources in another account.
What are AWS SCPs (Service Control Policies)?
Service control policies (SCPs) are a type of organizational policy you can use to manage permissions in your organization. SCPs offer central control over the maximum available permissions for all accounts in your organization. SCPs help you to ensure your accounts stay within your organization’s access control guidelines.
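To show what "maximum available permissions" means in practice, the following added example (not part of the original playbook) models how SCPs are evaluated along the path Root, OU, account and then combined with an identity policy. The OU and account names and the sample policies are constructed, and the model is simplified to `Effect` and `Action` only.

```python
from fnmatch import fnmatchcase

# Constructed sample SCPs (simplified: Action only, no Condition/NotAction/Resource).
FULL_ACCESS = {"Statement": [{"Effect": "Allow", "Action": "*"}]}
DENY_LEAVE = {"Statement": [{"Effect": "Deny",
                             "Action": "organizations:LeaveOrganization"}]}
WORKLOAD_ALLOWLIST = {"Statement": [{"Effect": "Allow",
                                     "Action": ["ec2:*", "s3:*", "lambda:*"]}]}

# Hypothetical path from the root down to one member account.
PATH = [
    ("Root", [FULL_ACCESS, DENY_LEAVE]),
    ("OU:Workloads", [WORKLOAD_ALLOWLIST]),
    ("Account:dev", [FULL_ACCESS]),
]

def matches(action, patterns):
    """IAM action names are case-insensitive and accept * and ? wildcards."""
    if isinstance(patterns, str):
        patterns = [patterns]
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def level_verdict(action, scps):
    """Verdict of the SCPs attached at one level: deny, allow or implicit-deny."""
    verdict = "implicit-deny"
    for scp in scps:
        for stmt in scp["Statement"]:
            if matches(action, stmt["Action"]):
                if stmt["Effect"] == "Deny":
                    return "deny"  # an explicit Deny always wins
                verdict = "allow"
    return verdict

def effective(action, path, identity_allows):
    """Return (allowed, reason). SCPs cap permissions; they never grant them."""
    for name, scps in path:
        verdict = level_verdict(action, scps)
        if verdict != "allow":  # every level must allow the action
            return False, f"{verdict} at {name}"
    if not matches(action, identity_allows):
        return False, "no identity-policy allow"
    return True, "allowed"

if __name__ == "__main__":
    for act in ("s3:GetObject", "iam:CreateUser", "organizations:LeaveOrganization"):
        print(act, effective(act, PATH, ["*"]))
```

Even an administrator identity policy (`*`) in the member account cannot create IAM users here, because the OU-level allow list omits `iam:*`. SCPs do not apply to the management (master) account, so the model covers member accounts only.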
Workflow Diagram:
