Ladies and gentlemen, welcome to the greatest day of your lives. Today we are covering AWS Organisations, the absolute Godfather of permissions. Organisations are a simple and easy way of managing multiple AWS accounts. You can still use them to manage a single account and use some of the super useful features that way, but multiple account management is where AWS Organisations really start to shine.

Once you are the head of a mob family, welcome to the rest of your life. Members come and go, but this is for life 👊

Well, this is best shown in the diagram above. The permissions of the account you are assessing are the cumulative result of all the SCPs applied to any and all parent nodes (nodes being any entity: root accounts, member accounts and OUs in the diagram) that you can trace back up the tree to the Root.

This is hella useful when you want to limit which services your organisation can use and that is a relatively short list. Use the Allow List Strategy to add an SCP on the Root account and say bye bye to all the unwanted services that cost WAY too much, and ain't nobody got money for that.
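Here is an added example, not from the original article: a simplified Python model of how SCPs combine as you trace from an account back up to the Root under the Allow List Strategy. The OU names, account names and policies are constructed for illustration, and `Resource` and `Condition` elements are ignored.

```python
from fnmatch import fnmatchcase

# Constructed sample organisation: child -> parent (the Root has no parent).
PARENT = {"Root": None, "Prod OU": "Root", "Sandbox OU": "Root",
          "prod-account": "Prod OU", "sandbox-account": "Sandbox OU"}

def scp(effect, *actions):
    """Build a minimal SCP document with a single statement."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": effect, "Action": list(actions), "Resource": "*"}]}

# Constructed SCP attachments. Allow List Strategy: the default FullAWSAccess
# policy is replaced by explicit allows, starting at the Root.
ATTACHED = {
    "Root": [scp("Allow", "s3:*", "ec2:*", "lambda:*")],
    "Prod OU": [scp("Allow", "s3:*", "ec2:*", "lambda:*")],
    "Sandbox OU": [scp("Allow", "s3:*", "lambda:*")],
    "prod-account": [scp("Allow", "s3:*", "ec2:*"), scp("Deny", "ec2:TerminateInstances")],
    "sandbox-account": [scp("Allow", "*")],
}

def path_to_root(node):
    """Return the node and every parent above it, ending at the Root."""
    path = []
    while node is not None:
        path.append(node)
        node = PARENT[node]
    return path

def matches(statement, action):
    """Case-insensitive wildcard match of an action against a statement."""
    patterns = statement["Action"]
    if isinstance(patterns, str):
        patterns = [patterns]
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def level_effects(node, action):
    """Set of effects ('Allow'/'Deny') the node's SCPs give for the action."""
    return {s["Effect"] for doc in ATTACHED.get(node, [])
            for s in doc["Statement"] if matches(s, action)}

def scp_permits(account, action):
    """True only if no level denies the action and every level allows it."""
    effects = [level_effects(n, action) for n in path_to_root(account)]
    if any("Deny" in e for e in effects):
        return False
    return all("Allow" in e for e in effects)
```

A `True` result only means the SCPs do not block the action; the IAM policies inside the account still have to grant it. Note that `sandbox-account` cannot use EC2 despite its own `Allow *`, because its parent OU never allows it.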
