
Configure AWS Organization

Project Overview

Set up a multi-account AWS environment that follows AWS account best practices: member accounts grouped into organizational units under one management account, with service control policies (SCPs) restricting what the member accounts can do.

AWS Organizations is an account management service that lets you consolidate multiple AWS accounts into an organization that you create and centrally manage. 

Project Detail

 

Step by step Lab


1. Log in to the AWS account that will become the management account via the AWS Management Console.
2. Open the AWS Organizations service.
3. Click - Create an organization
4. Click - Add an AWS account
5. Click - Invite an existing AWS account
6. Copy the account ID of each account to be invited (the Org12022test account and the Org22022prod account in this lab).
7. Paste them under "Email address or account ID of the AWS account to invite" - 09876543221, 0987654321 (placeholder values as given in the lab; a real AWS account ID is 12 digits).
8. Optionally add a message to include in the invitation email (for example "Hello").
9. Click - Send invitation
10. Log in to the Org22022prod account.
11. Open the AWS Organizations service.
12. Click - View the invitation
13. Click - Accept the invitation
14. Log in to the Org12022test account.
15. Open the AWS Organizations service.
16. Click - View the invitation
17. Click - Accept the invitation
18. Return to the management account and refresh the page.
19. Both member accounts now appear in the organization under Root.
20. To create an OU, select Root in the management account.
21. Click - Actions
22. Click - Create new (under Organizational unit)
23. Name - Test ou
24. Click - Create organizational unit
25. Test ou now appears under Root.
26. Create a second OU under Root the same way: select Root, click Actions, click Create new, enter the name prod ou, and click Create organizational unit.
27. Root now contains two OUs, Test ou and prod ou.
28. Select the Org12022test account, click Actions, select Move.
29. Select Test ou, click - Move AWS account
30. Select the Org22022prod account, click Actions, select Move.
31. Select prod ou, click - Move AWS account
32. Enable service control policies (SCPs): select Policies, click Service control policies, then click Enable service control policies. Enabling the policy type attaches the AWS-managed FullAWSAccess SCP to Root, every OU and every account, so nothing is restricted yet.
33. Log in to the Org12022test account. With only FullAWSAccess in effect, launch a t2.small instance: it launches successfully. Terminate it.
34. Log in to the Org22022prod account and repeat: a t2.small instance launches successfully. Terminate it.
35. Create the restricting policy: select Policies, click Service control policies, click Create policy.
36. Name - deny other than t2 micro
37. Remove the default policy text from the editor and paste the new policy (a Deny on ec2:RunInstances for any instance type other than t2.micro).
38. Click - Create policy
39. Click the name of deny other than t2 micro, open Targets, click Attach.
40. Select Root, click - Attach policy. A policy attached at Root is inherited by both OUs and both member accounts. SCPs never apply to the management account, so the restriction cannot be tested there.
41. Log in to the Org12022test account again and try to launch a t2.small instance: the policy blocks it (the console reports an explicit deny in a service control policy).
42. Log in to the Org22022prod account again and try to launch a t2.small instance: the policy blocks it in the same way.
43. Launching a t2.micro instance in either account still succeeds, as the policy permits.
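The lab says to paste the new policy but never shows it, and the pass/fail results in the last steps follow from how SCPs are evaluated. The block below is an added example written for this page, not the lab's own material: it carries an SCP for the "deny other than t2 micro" name (the policy JSON is the editor's; the lab does not show its own) and a small offline model of SCP evaluation, so the expected outcomes can be checked without an AWS account. The account IDs are placeholders, the evaluator only models the two string operators the policy uses, and it ignores Resource matching and the IAM policies inside each account.

```python
"""Offline model of the "deny other than t2 micro" SCP from this lab.

Added example (editor's code, not from the lab page). The lab says to paste the
new policy but does not show it; DENY_OTHER_THAN_T2_MICRO below is the editor's
JSON for that name. The evaluator is a simplified model of SCP evaluation
(explicit Deny wins; every level from the account up to Root must allow the
action). It does not call AWS; Resource matching and the member account's own
IAM policies are left out.
"""
import fnmatch

# AWS attaches this managed SCP to Root, every OU and every account when SCPs are enabled.
FULL_AWS_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Editor's JSON for the lab's "deny other than t2 micro" policy (assumed, not shown on the page).
DENY_OTHER_THAN_T2_MICRO = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyAllInstanceTypesExceptT2Micro",
        "Effect": "Deny",
        "Action": "ec2:RunInstances",
        "Resource": "arn:aws:ec2:*:*:instance/*",
        "Condition": {"StringNotEquals": {"ec2:InstanceType": "t2.micro"}},
    }],
}

# The lab's tree: Root -> Test ou -> test account, Root -> prod ou -> prod account.
# Account IDs are placeholders constructed for this example. The deny SCP sits at Root.
ORG_TREE = {
    "Root":         {"parent": None,      "scps": [FULL_AWS_ACCESS, DENY_OTHER_THAN_T2_MICRO]},
    "Test ou":      {"parent": "Root",    "scps": [FULL_AWS_ACCESS]},
    "prod ou":      {"parent": "Root",    "scps": [FULL_AWS_ACCESS]},
    "111111111111": {"parent": "Test ou", "scps": [FULL_AWS_ACCESS]},   # Org12022test
    "222222222222": {"parent": "prod ou", "scps": [FULL_AWS_ACCESS]},   # Org22022prod
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _condition_matches(condition, context):
    """Only the operators this policy needs. A missing key makes StringNotEquals
    true, as IAM does for negated operators, so a RunInstances request that
    carries no ec2:InstanceType is denied as well."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = context.get(key)
            if operator == "StringEquals" and actual not in _as_list(expected):
                return False
            if operator == "StringNotEquals" and actual in _as_list(expected):
                return False
            if operator not in ("StringEquals", "StringNotEquals"):
                raise ValueError(f"operator {operator} not modelled")
    return True


def _evaluate_policy(policy, action, context):
    """Verdict of one SCP for one action: 'Deny', 'Allow' or None (no statement matched)."""
    verdict = None
    for stmt in policy["Statement"]:
        patterns = [a.lower() for a in _as_list(stmt["Action"])]
        if not any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns):
            continue
        if not _condition_matches(stmt.get("Condition", {}), context):
            continue
        if stmt["Effect"] == "Deny":
            return "Deny"          # an explicit Deny is final for this policy
        verdict = "Allow"
    return verdict


def is_allowed(account_id, action, context=None):
    """Walk from the account up to Root. At each level some attached SCP must allow
    the action and none may deny it; otherwise the action is blocked for that account."""
    context = context or {}
    node = account_id
    while node is not None:
        verdicts = [_evaluate_policy(p, action, context) for p in ORG_TREE[node]["scps"]]
        if "Deny" in verdicts or "Allow" not in verdicts:
            return False
        node = ORG_TREE[node]["parent"]
    return True


if __name__ == "__main__":
    for acct in ("111111111111", "222222222222"):
        for itype in ("t2.small", "t2.micro"):
            ok = is_allowed(acct, "ec2:RunInstances", {"ec2:InstanceType": itype})
            print(f"{acct} RunInstances {itype}: {'allowed' if ok else 'denied'}")
```

Running the script prints a denied verdict for t2.small and an allowed one for t2.micro in both member accounts, which is what steps 41 to 43 expect. To confirm the same thing against the real accounts without creating anything, run `aws ec2 run-instances --dry-run` with the instance type in question from a member account: a DryRunOperation response means the launch would be permitted, an UnauthorizedOperation response means the SCP (or an IAM policy) blocks it.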
Clean up
1. Detach the deny other than t2 micro policy from Root and delete it, move the member accounts from their OUs back to Root, then delete the OUs (an OU can only be deleted once it is empty).
2. Remove the member accounts from the organization, then delete the organization. AWS only allows the organization to be deleted after every member account has been removed.

 

Architecture Diagram
