AWS Organizations
Suppose that your company has multiple AWS accounts. You can use AWS Organizations to consolidate and manage multiple AWS accounts within a central location.
When you create an organization, AWS Organizations automatically creates a root, which is the parent container for all the accounts in your organization.
In AWS Organizations, you can centrally control permissions for the accounts in your organization by using service control policies (SCPs). SCPs enable you to place restrictions on the AWS services, resources, and individual API actions that users and roles in each account can access.
Consolidated billing is another feature of AWS Organizations. You will learn about consolidated billing in a later module.
Organizational units
In AWS Organizations, you can group accounts into organizational units (OUs) to make it easier to manage accounts with similar business or security requirements. When you apply a policy to an OU, all the accounts in the OU automatically inherit the permissions specified in the policy.
By organizing separate accounts into OUs, you can more easily isolate workloads or applications that have specific security requirements. For instance, if your company has accounts that can access only the AWS services that meet certain regulatory requirements, you can put these accounts into one OU. Then, you can attach a policy to the OU that blocks access to all other AWS services that do not meet the regulatory requirements.
'AWS > Security' 카테고리의 다른 글
| [Security] Additional security services (0) | 2022.05.05 |
|---|---|
| [Security] AWS Shield to protect against Denial-of-service attacks (DDoS) (0) | 2022.05.05 |
| [Security] Compliance (0) | 2022.05.05 |
| [Security] User permissions and access (0) | 2022.05.05 |
| [Security] AWS Shared Responsibility Model (0) | 2022.05.05 |