AWS Account Management

The following are covered in this post:

  • Billing
  • Organizations
  • Resource Groups
  • Tagging
  • Active Directory Integration

 

AWS Organizations

AWS Organizations is an account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage. It features consolidated billing. There is no additional charge for using Organizations.

An organization has one master account along with zero or more member accounts. You can organize the accounts in a hierarchical, tree-like structure with a root at the top and organizational units nested under the root. An OU also can contain other OUs, enabling you to create a hierarchy that resembles an upside-down tree, with a root at the top and branches of OUs that reach down, ending in accounts that are the leaves of the tree.

Billing

Billing Benefits

  • One bill per AWS account
  • Easy to track charges and allocate costs
  • Volume pricing discount
    • The more S3 storage used across the accounts, the greater the discount applied to all accounts
  • Reserved Instances can be shared
  • The paying/billing account is really there just for billing. Resources should not be deployed in it.

Auditing

CloudTrail can be consolidated into a single account, which makes it easier to audit across all accounts.

Policies can also be created and applied to specific accounts. A policy can allow or deny certain services.
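The root/OU/account tree described above can be walked through the Organizations API to see where every account sits, which is the inventory you need when checking which accounts a policy attached at some level of the tree reaches. This is an added example, not code from the original post; it assumes boto3 and credentials for the organization's master account, and the function names are made up for illustration.

```python
def _pages(call, key, **kwargs):
    """Yield every item from a paginated Organizations list call."""
    while True:
        resp = call(**kwargs)
        yield from resp.get(key, [])
        if not resp.get("NextToken"):
            return
        kwargs["NextToken"] = resp["NextToken"]


def account_paths(org, parent_id=None, path=()):
    """Return {account_id: (root_name, ou_name, ..., account_name)}.

    `org` is a boto3 Organizations client, or any object with the same
    list_roots / list_accounts_for_parent /
    list_organizational_units_for_parent methods.
    """
    result = {}
    if parent_id is None:
        # Start at the root that sits at the top of the tree.
        for root in _pages(org.list_roots, "Roots"):
            result.update(account_paths(org, root["Id"], (root["Name"],)))
        return result
    # Accounts are the leaves attached directly to this root or OU.
    for acct in _pages(org.list_accounts_for_parent, "Accounts",
                       ParentId=parent_id):
        result[acct["Id"]] = path + (acct["Name"],)
    # An OU can contain other OUs, so recurse into each child OU.
    for ou in _pages(org.list_organizational_units_for_parent,
                     "OrganizationalUnits", ParentId=parent_id):
        result.update(account_paths(org, ou["Id"], path + (ou["Name"],)))
    return result


def accounts_outside_ous(paths):
    """Accounts attached straight to the root, i.e. not placed in any OU."""
    return sorted(acct for acct, p in paths.items() if len(p) == 2)


if __name__ == "__main__":
    import boto3  # assumption: run with master-account credentials
    paths = account_paths(boto3.client("organizations"))
    for account_id, p in sorted(paths.items(), key=lambda kv: kv[1]):
        print(account_id, "/".join(p))
    print("Not in any OU:", accounts_outside_ous(paths))
```

Accounts reported by accounts_outside_ous are only covered by policies attached to the root or to the account itself, so they are worth reviewing first.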

AWS Services that work with Organizations

  • IAM
  • Artifact (compliance reports such as ISO and PCI)
  • CloudTrail
  • CloudWatch
  • Config
  • Control Tower (govern compliant multi-account AWS environment)
  • Directory Service
  • Firewall Manager (configure WAF rules)
  • RAM
  • Service Catalog
  • Quotas
  • Single Sign-On
  • Systems Manager
  • Tag policies

 

Tagging and Resource Groups

Tags are key-value pairs attached to almost all AWS resources. Some tags are inherited; for example, instances launched by Auto Scaling are tagged automatically.

A tag is a label that you assign to an AWS resource. Each tag consists of a key and an optional value, both of which you define.

Tags enable you to categorize your AWS resources in different ways, for example, by purpose, owner, or environment. This is useful when you have many resources of the same type—you can quickly identify a specific resource based on the tags you’ve assigned to it. For example, you could define a set of tags for your account’s Amazon EC2 instances that helps you track each instance’s owner and stack level.

Resource Groups

You can use resource groups to organize your AWS resources. Resource groups make it easier to manage and automate tasks on large numbers of resources at one time. This guide shows you how to create and manage resource groups in AWS Resource Groups.

Resource Groups make it easy to group your resources using tags. A resource group can also contain information such as:

  • Region
  • Name
  • Health Checks
  • For EC2
    • IP addresses
  • For ELB
    • Port definitions

 

AWS Support

AWS Support offers a range of plans that provide access to tools and expertise that support the success and operational health of your AWS solutions. All support plans provide 24×7 access to customer service, AWS documentation, whitepapers, and support forums. For technical support and more resources to plan, deploy, and improve your AWS environment, you can select a support plan that best aligns with your AWS use case.

There are 3 levels of support:

  • Enterprise
  • Business
  • Developer

 

References

Organizations
https://docs.aws.amazon.com/ARG/latest/userguide/welcome.html

Tagging
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html