Implementing AWS Organizations

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hello and welcome to this lecture which would explain how to initially set up and configure AWS organizations setting up an organization is a very simple process that starts from a master AWS account your master account is a standard AWS account II have chosen to create the AWS organization it's best practice to use this AWS account solely as a master account and not to use it to provision any other resources such as ec2 instances etc this allows you to restrict access to the master account at a greater level the few users who need access to it the better and you need to do this because the master account carries certain administrative level capabilities such as being able to create additional a diverse accounts within your organization invite other accounts to join your organization remove AWS accounts from your organization and apply security features via policies to different levels within your organization once you have selected your AWS account to be used as a master account you can create an organization from here you have two choices when creating an organization type enable all features or enable only consolidated billing if you want to set up seven control policies then you need to select enable all features the second option allows you to control payments and manage cost centrally from that master account across all associated AWS accounts within the organization when the organization is created the master account can create organizational units for AWS account management as required the master account can also invite other member aw counts to join the organization during this Invitational process the account owner of these invited a diverse accounts will receive an email requesting that their aid of its account join the organization once the accounts have joined the organization the master account can remove these accounts into the corresponding oh use that have been created and associated relevant service control policies with them let me now show you via demonstration on how to create a new organization and invite an insisting account to join it now I'm logged in to my a device management console in the AWS account that I want to be the master account and the first thing I need to do is go to AWS organizations which is under the management and governance category and you can see it just at the top here so if I go into organizations and the moment I don't have any organization set up or created so the first thing I need to do is click on create organization then this gives you a quick high-level screenshot just to explain what creating an organization does so it provides single-payer and centralized cost tracking it lets you create an invite accounts it allows you to apply policy based controls and it helps you simplify organization wide management of AWS services now as I mentioned previously there's two options when you create your organization you can either create it with all features enabled which is why I just listed or as you can see here you can just create your organization to consolidate your billing features but off this demonstration I'm going to create it with all features so let's go ahead and create our organization and that's effectively it so it's very easy to create your a duress organization to start with and because this is a brand new organization this is my master account which is signified by this star here and this is my account name and my account ID so to actually create the organization is very simple but now I want to add another account as a member account so let me go ahead and do that so if I select add account now have two options here I can invite an existing account or create a new account now I already have another a double account so I'm going to invite an existing account now I need to enter the email or account ID so I'll just paste in my account and you can add any notes here for example please join my organization and then you select invite okay now we can see that we have a request that's been sent as an invitation the status is currently open so now the email address that was registered with this account will get an invitation and they must accept that invite into this organisation so take a look and see if I've got that email so here we can see the email that's being sent to the owner of that member account and it says Stuart would like to add your ADA us account to their organization as a member account and then it just gives some additional blurb about a SS organisations but to accept the invitation and to understand what features have been enabled we need to click on this link here so if I select a link and sign in to my account using my details and MFA code then I can see that I have an invitation from AWS organizations we can see the organization ID the master account name and then with questa controls which is enable all features so here I can either accept or decline and I'm going to accept I just need to confirm the confirmation message about joining the organization okay now this member account is now a part of that organization so if I go back to my master account now I can see now that within my AWS organization of one master account I have to see a demo account which is the name of my other account and we can see that it's not a master because it hasn't got the star whereas this account has this is the master account so as you can see it's a very simple process to invite other accounts to your organization now also mention previously about organizing accounts in using organizational units so if we select organize accounts at the moment we only have the route in here so I can create a new organizational unit and assign each of these accounts into those so for example let me create a new organizational unit called production now I'm also going to create a second organizational unit called tests so let me create another one at the moment under root we have our two accounts so we have a master account and our member account here now I want to move my master into the production organizational unit just to make things a little more organized so I can select the account click on move and then simply select where I want it to reside within the tree and then click move and we can see it's now been removed from the root location and I want to do the same with the member account but this time I want to move that into the test oh you so now if I click on production over here this organizational unit we can see the account that it has inside it and again if we go back to the root and click on test we can see that we have the member account so I just wanted to show you that quickly just to show you how you can easily and quickly organize your different Adamas accounts okay that's the end of the demonstration
Info
Channel: Cloud Academy
Views: 8,039
Rating: 4.7468352 out of 5
Keywords: AWS, amazon web services, saa-c02, amazon, aws certification, online training course, cloud training, cloud skills, cloud computing, tech skills, cloud academy, solution architect associate exam, certification exam, digital transformation, innovation, cloud, aws cloud, stuart scott, aws organizations, scps, service control policies
Id: 9PQYCc_20-Q
Channel Id: undefined
Length: 7min 36sec (456 seconds)
Published: Fri Apr 10 2020
Related Videos
AWS re:Inforce 2019: Managing Multi-Account AWS Environments Using AWS Organizations (FND314)
Amazon Web Services
41K
AWS Certified Cloud Practitioner Complete Video Course
TechTalks
60K
Government Contracts - How do I register my business? (Sam Registration, Cage Code, DUNS Number)
GovKidMethod
31K
How do I allow users or roles in a separate AWS account access to my AWS account?
Amazon Web Services
7.2K
AWS Organizations SCPs vs AWS IAM | AWS Solutions Architect Associate Preparation | Whizlabs
Whizlabs
1.6K
AWS Networking Fundamentals
Amazon Web Services
230K
AWS CloudFormation Masterclass
AWS Online Tech Talks
195K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.