Build a Business Architecture using AWS Organization

by Sharayu Javeer | on 7 April 2023 | in Architecture, AWS CloudFormation, AWS Organizations. This blog post was updated April 7, 2023.

It’s common to start with a single AWS account when you are beginning your cloud journey with AWS. Running operations such as creating, reading, updating, and deleting resources in a single AWS account can be straightforward with the AWS application programming interfaces (APIs). As an organization grows, so does its account strategy, often splitting workloads across multiple accounts. Fortunately, AWS customers can use AWS Organizations to group these accounts into logical units, known as organizational units (OUs), to apply common policies and deploy standard infrastructure.

Index

  1. Project-based Course Overview

  2. Project Objectives

  3. Project Structure

Project-based Course Overview

Welcome!

Welcome to 'Build a Business Architecture using AWS Organization'. This is a hands-on project which should take approximately 2 hours to finish. Before diving into the project, please take a look at the course objectives and structure:

Project Objectives

In this project, we will focus on four learning objectives:

  1. Create 'AWS Organization'

  2. Add members to 'Organization'

  3. Attach 'Service Control Policy' to member accounts

  4. Enable 'CloudTrail' for your Organization.

By the end of this project, you will have real-world experience of building a business architecture using ‘AWS Organization’ and enabling an ‘Organization CloudTrail’ to continuously monitor and retain account activity related to actions across your AWS infrastructure.

Project Structure

This course is divided into 3 parts:

  1. Project Overview: This is introductory reading material.

  2. Build a Business Architecture using AWS Organization: This is the hands-on project that we will work on in your AWS Management Console.

The hands-on project on 'Build a Business Architecture using AWS Organization' is divided into the following tasks:

Task 1: Create an ‘Organization’ using an AWS account.

Task 2: Invite an existing AWS account as a ‘member account’ to AWS Organization.

Task 3: Switch Roles between ‘Member account’ and ‘Management account’.

Task 4: Create a ‘member account’ within an Organization.

Task 5: Create an ‘Organizational Unit’ inside AWS Organization.

Task 6: Architect a custom ‘Service Control Policy’ for ‘member accounts’ inside an Organization.

Task 7: Attach the ‘Service Control Policy’ to ‘member accounts’.

Task 8: Create a ‘CloudTrail’ trail and configure it to log data for all accounts in an Organization to ‘S3’.
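The eight tasks above are carried out in the AWS Management Console in the course; the same sequence can be driven from the AWS CLI in the management account. The script below is an added example and is not part of the course material: the SCP statements, the OU name, the member account id, the e-mail address and the bucket name are constructed placeholders, and the bucket policy follows the documented CloudTrail pattern for organization trails (the CloudTrail service principal gets `s3:GetBucketAcl` on the bucket and `s3:PutObject` under both `AWSLogs/<management-account-id>/` and `AWSLogs/<organization-id>/`). Nothing is sent to AWS unless the script is invoked with the argument `apply`; the two policy-building functions can be called on their own to inspect the documents first.

```shell
#!/usr/bin/env bash
# Added example (not from the course): the console tasks as AWS CLI calls,
# run from the management account. Placeholder values are marked as such.
set -eu

MEMBER_ACCOUNT_ID="${MEMBER_ACCOUNT_ID:-111122223333}"        # placeholder: existing account to invite (Task 2)
NEW_ACCOUNT_EMAIL="${NEW_ACCOUNT_EMAIL:-workloads@example.com}" # placeholder: root e-mail for the new account (Task 4)
OU_NAME="${OU_NAME:-Workloads}"                               # assumed OU name (Task 5)
TRAIL_BUCKET="${TRAIL_BUCKET:-example-org-cloudtrail-logs}"   # placeholder: existing bucket in the management account (Task 8)

# Task 6: a constructed SCP. The course does not prescribe statements; these
# stop member accounts from leaving the organization or disabling the trail.
build_scp_document() {
  cat <<'EOF'
{
  "Version": "2012-10-17",
  "Statement": [
    { "Sid": "DenyLeavingOrganization", "Effect": "Deny",
      "Action": "organizations:LeaveOrganization", "Resource": "*" },
    { "Sid": "DenyTamperingWithCloudTrail", "Effect": "Deny",
      "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail", "cloudtrail:UpdateTrail"],
      "Resource": "*" }
  ]
}
EOF
}

# Task 8 prerequisite: bucket policy for an organization trail. CloudTrail writes
# under AWSLogs/<management-account-id>/ and AWSLogs/<organization-id>/.
build_trail_bucket_policy() {
  local bucket="$1" mgmt_account="$2" org_id="$3"
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    { "Sid": "AWSCloudTrailAclCheck", "Effect": "Allow",
      "Principal": {"Service": "cloudtrail.amazonaws.com"},
      "Action": "s3:GetBucketAcl", "Resource": "arn:aws:s3:::${bucket}" },
    { "Sid": "AWSCloudTrailWrite", "Effect": "Allow",
      "Principal": {"Service": "cloudtrail.amazonaws.com"},
      "Action": "s3:PutObject",
      "Resource": ["arn:aws:s3:::${bucket}/AWSLogs/${mgmt_account}/*",
                   "arn:aws:s3:::${bucket}/AWSLogs/${org_id}/*"],
      "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}} }
  ]
}
EOF
}

# Task 3: assume the role that create-account provisions in each new member account.
switch_to_member() {
  aws sts assume-role --role-arn "arn:aws:iam::$1:role/OrganizationAccountAccessRole" \
      --role-session-name org-admin
}

apply() {
  local root_id org_id mgmt_account ou_id policy_id
  # Task 1: all features are required for SCPs.
  aws organizations create-organization --feature-set ALL
  root_id=$(aws organizations list-roots --query 'Roots[0].Id' --output text)
  org_id=$(aws organizations describe-organization --query 'Organization.Id' --output text)
  mgmt_account=$(aws sts get-caller-identity --query Account --output text)
  # No-op if SCPs are already enabled on the root.
  aws organizations enable-policy-type --root-id "$root_id" --policy-type SERVICE_CONTROL_POLICY 2>/dev/null || true

  # Task 2: invite an existing account. Task 4: create a new one (asynchronous;
  # it lands under the root and can be moved into the OU with move-account).
  aws organizations invite-account-to-organization --target "Id=${MEMBER_ACCOUNT_ID},Type=ACCOUNT"
  aws organizations create-account --email "$NEW_ACCOUNT_EMAIL" --account-name "WorkloadAccount"

  # Task 5: OU under the root.
  ou_id=$(aws organizations create-organizational-unit --parent-id "$root_id" --name "$OU_NAME" \
            --query 'OrganizationalUnit.Id' --output text)

  # Tasks 6 and 7: create the SCP and attach it to the OU; member accounts in it inherit the policy.
  policy_id=$(aws organizations create-policy --name "BaselineGuardrails" --type SERVICE_CONTROL_POLICY \
                --description "Constructed example guardrails" --content "$(build_scp_document)" \
                --query 'Policy.PolicySummary.Id' --output text)
  aws organizations attach-policy --policy-id "$policy_id" --target-id "$ou_id"

  # Task 8: one organization trail covering every account, delivered to S3.
  aws organizations enable-aws-service-access --service-principal cloudtrail.amazonaws.com
  aws s3api put-bucket-policy --bucket "$TRAIL_BUCKET" \
      --policy "$(build_trail_bucket_policy "$TRAIL_BUCKET" "$mgmt_account" "$org_id")"
  aws cloudtrail create-trail --name OrgTrail --s3-bucket-name "$TRAIL_BUCKET" \
      --is-organization-trail --is-multi-region-trail --enable-log-file-validation
  aws cloudtrail start-logging --name OrgTrail
}

# Guard: only talk to AWS when explicitly asked.
if [ "${1:-}" = "apply" ]; then apply; fi
```

Attaching the SCP to the OU rather than to each account (Task 7 as written) means any account later moved into the OU picks up the same guardrails; an SCP never grants permissions, so IAM policies inside the member accounts are still needed for anything the SCP does not deny.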

Cleaning up

To avoid incurring future charges, delete the following resources:

  • Stack set through the CloudFormation console

  • AWS SSO user (if you created one)

Conclusion

Creating organization tools that answer difficult questions such as, “show me every internet entry point in our organization,” is possible using the Organizations APIs and CloudFormation StackSets. We also learned how to use Go’s native concurrency features to build these tools so that they scale across hundreds of accounts.