AWS Security Blog
Category: AWS Organizations
How to use AWS Organizations to simplify security at enormous scale
AWS Organizations provides central governance and management across AWS accounts. In this post, we explain how AWS Organizations can make the lives of your Information Security engineers easier, based on our experience in the Information Security team at Amazon. The service control policies (SCPs) feature in AWS Organizations offers you central control over permissions for […]
Use IAM to share your AWS resources with groups of AWS accounts in AWS Organizations
September 19, 2023: This post has been update to correct an explanation of multivalued condition keys. You can now reference Organizational Units (OUs), which are groups of AWS accounts in AWS Organizations, in AWS Identity and Access Management (IAM) policies, making it easier to define access for your IAM principals (users and roles) to the […]
Accept an ANDB Addendum for all accounts within your AWS Organization
For customers who use AWS to store or process personal information covered by the Australian Privacy Act 1988, I’m excited to announce that you can now accept a single AWS Australian Notifiable Data Breach Addendum (ANDB Addendum) for all accounts within your AWS Organization. Once accepted, all current and future accounts created or added to […]
New! Set permission guardrails confidently by using IAM access advisor to analyze service-last-accessed information for accounts in your AWS organization
You can use AWS Organizations to centrally govern and manage multiple accounts as you scale your AWS workloads. With AWS Organizations, central security administrators can use service control policies (SCPs) to establish permission guardrails that all IAM users and roles in the organization’s accounts adhere to. When teams and projects are just getting started, administrators […]
AWS Organizations now available in the AWS GovCloud (US) Regions for central governance and management of AWS accounts
October 2, 2024: This post was republished to update the terminology for management accounts. AWS Organizations is now available in the AWS GovCloud (US) Regions, enabling you to centrally govern and manage your AWS GovCloud (US) accounts. AWS Organizations helps you to centrally manage billing; control access, compliance, and security; and share resources across your […]
How to use service control policies to set permission guardrails across accounts in your AWS Organization
AWS Organizations provides central governance and management for multiple accounts. Central security administrators use service control policies (SCPs) with AWS Organizations to establish controls that all IAM principals (users and roles) adhere to. Now, you can use SCPs to set permission guardrails with the fine-grained control supported in the AWS Identity and Access Management (IAM) […]
AWS Organizations now requires email address verification in order to invite accounts to an organization
AWS Organizations, the service for centrally managing multiple AWS accounts, enables you to invite existing accounts to join your organization. To provide additional assurance about your organization’s identity to AWS accounts that you invite, AWS Organizations is adding a new feature. Beginning on September 27, 2018, you’ll need to verify the email address associated with […]
An easier way to control access to AWS resources by using the AWS organization of IAM principals
AWS Identity and Access Management (IAM) now makes it easier for you to control access to your AWS resources by using the AWS organization of IAM principals (users and roles). For some services, you grant permissions using resource-based policies to specify the accounts and principals that can access the resource and what actions they can […]
AWS Organizations Now Supports Self-Service Removal of Accounts from an Organization
August 24, 2020: We’ve updated this post to reflect changes to the requirements for removing an account from an organization. Today, AWS Organizations made it easier for you to remove AWS accounts from an organization. You can remove accounts from an organization without requiring assistance from AWS Support, and the accounts you remove can operate […]
How to Use AWS Organizations to Automate End-to-End Account Creation
AWS Organizations offers new capabilities for managing AWS accounts, including automated account creation via the Organizations API. For example, you can bring new development teams onboard by using the Organizations API to create an account, AWS CloudFormation templates to configure the account (such as for AWS Identity and Access Management [IAM] and networking), and service control […]