Organizational Unit


  • An account management service.

  • A free global service.

  • You can organize OUs by:

    • Business unit (sales, devs, finance...)

    • Environment lifecycle (dev, test, prod)

    • Project (Project1, Project2...)


  • Helps centralize multiple accounts within an organization.

  • Enables cross-account services.

  • Enables consolidated billing across multiple accounts.

  • Shared Reserved Instance or Savings Plan discounts across multiple accounts.

Service Control Policy

  • IAM policies that are applied to OUs

  • Hierarchy


  • OUs can be nested.

  • An account can belong to multiple OUs.

  • SCPs do NOT apply to the Management account, only to OUs. That means an SCP attached to the Management account has no effect.

  • If two policies apply, one Deny and one Allow, the result is an explicit DENY.
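
Added example, not part of the original notes: a simplified Python model of how SCPs attached along a nested OU path combine, covering the two rules above (an explicit Deny beats an Allow, and the Management account is exempt). It goes one step beyond the notes by also showing that every level of the hierarchy must allow an action; the OU names, helper names and sample policies are constructed for illustration, and only `Effect` and `Action` are evaluated.

```python
from fnmatch import fnmatchcase

def matches(statement, action):
    """True if one of the statement's Action patterns covers the action."""
    patterns = statement["Action"]
    patterns = [patterns] if isinstance(patterns, str) else patterns
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def scp_decision(levels, action, is_management_account=False):
    """levels: SCP documents attached at each level, root first.
    Simplified model: only Effect and Action are evaluated."""
    if is_management_account:
        return "NOT_RESTRICTED"  # SCPs do not apply to the management account
    per_level = [[s for doc in level for s in doc["Statement"]] for level in levels]
    # A matching Deny at any level wins over every Allow.
    for statements in per_level:
        if any(s["Effect"] == "Deny" and matches(s, action) for s in statements):
            return "EXPLICIT_DENY"
    # Otherwise each level must itself allow the action.
    for statements in per_level:
        if not any(s["Effect"] == "Allow" and matches(s, action) for s in statements):
            return "IMPLICIT_DENY"
    return "ALLOWED"  # permitted by SCPs; IAM policies still have to grant it

def scp(effect, action):
    """Build a one-statement SCP document (constructed sample data)."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": effect, "Action": action, "Resource": "*"}]}

# Constructed hierarchy: root -> OU "Prod" -> nested OU "Project1".
PROD_PATH = [
    [scp("Allow", "*")],
    [scp("Allow", "*"), scp("Deny", "organizations:LeaveOrganization")],
    [scp("Allow", ["s3:*", "ec2:*"])],
]

if __name__ == "__main__":
    for act in ("organizations:LeaveOrganization", "s3:GetObject", "iam:CreateUser"):
        print(act, "->", scp_decision(PROD_PATH, act))
    print("management ->", scp_decision(PROD_PATH, "iam:CreateUser", True))
```

An `ALLOWED` result only means the SCPs do not block the action; the principal still needs an IAM policy that grants it.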
