Better Handle for Multiple AWS Accounts Now Available
AWS Organizations, which provide policy-based management for multiple accounts, is now generally available, Amazon Web Services Inc. (AWS) announced yesterday.
For organizations that end up handling multiple AWS accounts, the new, free service allows for central management, as opposed to dealing with them individually with custom scripts and manual processes.
And how do organizations end up having to manage multiple accounts?
"Sometimes they adopt AWS incrementally and organically, with individual teams and divisions making the move to cloud computing on a decentralized basis," AWS spokesperson Jeff Barr said in a blog post yesterday. "Other companies grow through mergers and acquisitions and take on responsibility for existing accounts. Still others routinely create multiple accounts in order to meet strict guidelines for compliance or to create a very strong isolation barrier between applications, sometimes going so far as to use distinct accounts for development, testing and production."
Now, access control policies can be centrally provided for single accounts, groups of accounts or all accounts. All this is can be done in multiple ways: through the AWS Management Console; the AWS Command Line Interface; or programmatically through the service's own API.
"Using AWS Organizations, you can create Service Control Policies (SCPs) that centrally control AWS service use across multiple AWS accounts," the company announced yesterday. "You can also use Organizations to help automate the creation of new accounts through APIs. Organizations helps simplify the billing for multiple accounts by enabling you to setup a single payment method for all the accounts in your organization through consolidated billing."
The Web site for the service, which has been in preview since Nov. 29, details three example use cases in which it can be used by enterprises:
- Control the use of AWS services to help comply with corporate security and compliance policies.
- Automate the creation of AWS accounts for different resources.
- Create different groups of accounts for development and production resources.
All regions except China (Beijing) and AWS GovCloud (US) support the new service, which is available at no additional charge.
David Ramel is an editor and writer for Converge360.