Step-by-Step Guide to Setting Up Multiple AWS Accounts Using AWS Organizations

  1. Create an AWS Organization

    • Log into the AWS Management Console with your primary account
    • Navigate to AWS Organizations
    • Click "Create Organization"
    • Choose "Enable all features"
  2. Design Organizational Structure

    • Create a logical hierarchy using Organizational Units (OUs)
    • Example structure:
      Root
      ├── Production
      ├── Development
      └── Security
  3. Add Member Accounts

    • Option 1: Create new accounts
      • In the Organizations console, click "Add account"
      • Provide email address, account name, and IAM role name
      • Click "Create account"
    • Option 2: Invite existing accounts
      • In the Organizations console, click "Invite accounts"
      • Enter email addresses of accounts to invite
      • Assign management role
      • Send invitation
  4. Group Accounts into OUs

    • In the Organizations console, select the account
    • Choose "Move" and select the appropriate OU
  5. Set Up Service Control Policies (SCPs)

    • Navigate to the Policies tab in Organizations
    • Create SCPs to define permission boundaries
    • Attach SCPs to OUs or individual accounts
  6. Enable AWS Single Sign-On (Optional)

    • Go to the AWS SSO Console
    • Click "Enable AWS Single Sign-On"
    • Configure identity source (AWS SSO directory or external provider)
    • Assign users and groups to AWS accounts
    • Define permission sets for access control
  7. Implement Role-Based Access Control

    • Define roles based on job functions
    • Create IAM policies for each role
    • Attach policies to permission sets in AWS SSO
  8. Test and Verify

    • Sign in to member accounts to ensure proper access and restrictions
    • Adjust permissions and policies as needed
  9. Enable Integrated AWS Services

    • Review and enable AWS services that integrate with Organizations
  10. Set Up Consolidated Billing

    • Configure billing preferences in the management account
    • Review cost allocation tags for detailed billing reports
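
How SCPs from steps 5 and 8 combine across the example hierarchy, as an added example that is not part of the original guide: an action passes only if no level from Root to the account explicitly denies it and every level allows it. The policies and the account names (prod-app, dev-sandbox, log-archive) are constructed for illustration, and Condition and NotAction elements are not modelled.

```python
from fnmatch import fnmatchcase

# Constructed sample SCPs (illustrative, not from the guide).
FULL_ACCESS = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
DENY_LEAVE_ORG = {"Statement": [{"Effect": "Deny", "Resource": "*",
                                 "Action": "organizations:LeaveOrganization"}]}
DENY_TRAIL_TAMPER = {"Statement": [{"Effect": "Deny", "Resource": "*",
                                    "Action": ["cloudtrail:StopLogging",
                                               "cloudtrail:DeleteTrail"]}]}
DEV_ALLOW_LIST = {"Statement": [{"Effect": "Allow", "Resource": "*",
                                 "Action": ["ec2:*", "s3:*", "cloudwatch:*"]}]}

# SCPs attached at each node of the guide's example hierarchy, plus
# hypothetical member accounts (prod-app, dev-sandbox, log-archive).
ATTACHED = {
    "Root": [FULL_ACCESS, DENY_LEAVE_ORG],
    "Production": [FULL_ACCESS, DENY_TRAIL_TAMPER],
    "Development": [DEV_ALLOW_LIST],
    "Security": [FULL_ACCESS],
    "prod-app": [FULL_ACCESS],
    "dev-sandbox": [FULL_ACCESS],
    "log-archive": [FULL_ACCESS],
}

def _statements(node, effect):
    return [s for policy in ATTACHED.get(node, [])
            for s in policy["Statement"] if s["Effect"] == effect]

def _matches(stmt, action):
    patterns = stmt["Action"]
    if isinstance(patterns, str):
        patterns = [patterns]
    # IAM action names are case-insensitive and support * and ? wildcards.
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def scp_decision(path, action):
    """Evaluate `action` for the account at the end of `path` (Root -> OU -> account)."""
    # An explicit Deny at any level wins over every Allow.
    for node in path:
        if any(_matches(s, action) for s in _statements(node, "Deny")):
            return False, f"explicit Deny at {node}"
    # Otherwise every level must contribute a matching Allow.
    for node in path:
        if not any(_matches(s, action) for s in _statements(node, "Allow")):
            return False, f"no Allow at {node}"
    return True, "not blocked by SCPs (IAM policies in the account still apply)"
```

SCPs only filter permissions and never grant them, so a passing result still requires an IAM or permission-set policy in the member account; SCPs also do not restrict the management account.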

By following these steps, you can effectively set up and manage multiple AWS accounts using AWS Organizations, improving security, governance, and operational efficiency across your cloud infrastructure.