76. AWS Organizations

Overview

  • AWS Organizations is an account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage.
  • AWS Organizations includes account management and consolidated billing capabilities that enable you to better meet the budgetary, security, and compliance needs of your business.
  • AWS Organizations is offered at no additional charge. You are charged only for the AWS resources that users and roles in your member accounts use.

AWS Organizations terminology and concepts

  • Organization
    • An entity that you create to consolidate your AWS accounts so that you can administer them as a single unit.
    • An organization has one management account along with zero or more member accounts.
    • You can organize the accounts in a hierarchical, tree-like structure with a root at the top and organizational units nested under the root.
    • Each account can be directly in the root, or placed in one of the OUs in the hierarchy.
  • Root
    • The parent container for all the accounts for your organization.
    • If you apply a policy to the root, it applies to all organizational units (OUs) and accounts in the organization.
  • Organizational unit (OU)
    • A container for accounts within a root.
    • When you attach a policy to one of the nodes in the hierarchy, it flows down and affects all the branches (OUs) and leaves (accounts) beneath it.
    • An OU can have exactly one parent, and currently each account can be a member of exactly one OU.
    • Each OU can contain multiple accounts, and you can move accounts from one OU to another.
    • OUs can be nested up to five levels deep.
    • You can use organizational units (OUs) to group accounts together and administer them as a single unit. This greatly simplifies the management of your accounts.
  • Account
    • An account in Organizations is a standard AWS account that contains your AWS resources and the identities that can access those resources.
    • There are two types of accounts in an organization: a single account that is designated as the management account, and one or more member accounts.
  • Service control policy (SCP)
    • A policy that specifies the services and actions that users and roles can use in the accounts that the SCP affects.
    • SCPs are similar to IAM permissions policies except that they don't grant any permissions.
    • Instead, SCPs specify the maximum permissions for an organization, organizational unit (OU), or account.
    • When you attach an SCP to your organization root or an OU, the SCP limits permissions for entities in member accounts.
  • Backup policy
    • A type of policy that helps you standardize and implement a backup strategy for the resources across all of the accounts in your organization.

Best practices for the management account

  • Use the management account only for tasks that require the management account
  • Use a group email address for the management account's root user
  • Use a complex password for the management account's root user
  • Enable MFA for your root user credentials
  • Add a phone number to the account contact information
  • Review and keep track of who has access
  • Document the processes for using the root user credentials
  • Apply controls to monitor access to the root user credentials

Best practices for member accounts

  • Use a group email address for all member account root users
  • Use a complex password for each member account's root user
  • Enable MFA for your root user credentials
  • Add the management account's phone number to the member account contact information
  • Review and keep track of who has access
  • Document the processes for using the root user credentials
  • Use an SCP to restrict what the root user in your member accounts can do
  • Apply controls to monitor access to the root user credentials
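The two points above that matter most for security, that an SCP caps permissions but never grants them and that a policy attached to the root or an OU flows down to every account beneath it, together with the recommended "restrict the member account root user" SCP, can be checked with a small model of the evaluation logic. The following is an added example written for these notes, not AWS code: the org tree, the account IDs and the three sample SCPs are constructed placeholders, and the matcher only models Action, Effect and an aws:PrincipalArn condition (Resource matching and other condition keys are left out).

```python
import fnmatch

# Constructed sample SCPs (JSON documents as Python dicts). Resource matching is
# omitted; only Action, Effect and an aws:PrincipalArn StringLike condition are modelled.
FULL_ACCESS = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
DENY_ROOT_USER = {"Statement": [{   # restrict what the member account root user can do
    "Effect": "Deny", "Action": "*", "Resource": "*",
    "Condition": {"StringLike": {"aws:PrincipalArn": "arn:aws:iam::*:root"}}}]}
DENY_LEAVE_ORG = {"Statement": [{
    "Effect": "Deny", "Action": "organizations:LeaveOrganization", "Resource": "*"}]}

# Constructed hierarchy: root -> OU "ou-workloads" -> account 111111111111 (placeholder id);
# account 222222222222 sits directly under the root. SCPs are attached per node.
SCPS = {
    "root": [FULL_ACCESS],
    "ou-workloads": [FULL_ACCESS, DENY_ROOT_USER, DENY_LEAVE_ORG],
    "111111111111": [FULL_ACCESS],
    "222222222222": [FULL_ACCESS],
}
PATH_WORKLOADS = ["root", "ou-workloads", "111111111111"]
PATH_DIRECT = ["root", "222222222222"]

def _matches(statement, action, principal_arn):
    """True when the statement's Action (and optional PrincipalArn condition) covers the request."""
    actions = statement["Action"]
    actions = [actions] if isinstance(actions, str) else actions
    if not any(fnmatch.fnmatchcase(action, pat) for pat in actions):
        return False
    arn_pat = statement.get("Condition", {}).get("StringLike", {}).get("aws:PrincipalArn")
    return arn_pat is None or fnmatch.fnmatchcase(principal_arn, arn_pat)

def policy_decision(policies, action, principal_arn):
    """Evaluate one set of policies: an explicit Deny wins, otherwise an Allow is required."""
    allowed = False
    for policy in policies:
        for st in policy["Statement"]:
            if _matches(st, action, principal_arn):
                if st["Effect"] == "Deny":
                    return False
                allowed = True
    return allowed

def scp_allows(path, scps, action, principal_arn):
    """SCPs flow down: every level from the root to the account must allow the action."""
    return all(policy_decision(scps[node], action, principal_arn) for node in path)

def is_allowed(path, scps, iam_policy, action, principal_arn):
    """SCPs cap permissions but never grant them: IAM must allow AND every SCP level must allow."""
    return policy_decision([iam_policy], action, principal_arn) and scp_allows(path, scps, action, principal_arn)
```

Running the checks shows the root user of the account under ou-workloads is denied everything even with full IAM permissions, while a role in the account placed directly under the root is unaffected by the OU's policies.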

AWS Account Management

  • AWS Account Management extends AWS Organizations to also include the management of the metadata attached to an AWS account, such as the alternate contact information.
  • When you enable trusted access for Account Management, the Account Management service grants Organizations and its management account permissions to access the metadata for all of the organization's member accounts.
  • After you enable trusted access, you can also choose to designate one of your member accounts as a delegated admin account for AWS Account Management.
