AWS Organizations are a way to centrally manage account hierarchies that resemble organizational structures that make sense from the management, security, and billing perspectives. When you create an organization you have the ability to create organizational units (OUs) and apply black or whitelisting IAM policies that override IAM user policies favoring the former.
To centrally manage billing an organization is needed and for this purpose, a master account must be chosen to manage the entire organization of linked accounts.
- To get started with organizations navigate to the AWS console and search for AWS Organizations.
- You will be prompted to create a new organization, use this option to get started. The next step is to send invites to linked accounts; you will need the managed account ID.
- The linked account will receive the invitation in the same organization's welcome screen. Click on the invitation link and accept the invitation.
- This account now is managed centrally and stops billing at this account level and starts billing at the master account.
You can organize the nodes in a tree structure by using the checkboxes in the accounts section and choosing the move link to associate accounts with organizational units.