
AWS Organizations – Advantages and Security

Advantages

  • Enables a multi-account strategy: each account is a hard boundary for IAM, service quotas and blast radius, which a single account carved into several VPCs does not provide.
  • Simplifies cost allocation and tracking through consolidated billing and consistent tagging standards (enforceable with tag policies) across accounts.
  • Allows centralized logging: an organization trail in CloudTrail records events from every member account into one central S3 bucket, and member accounts can view but not modify or delete that trail.
  • Supports centralizing CloudWatch Logs in a dedicated logging account (for example via cross-account subscription filters) for easier monitoring and compliance.
  • Facilitates cross-account administration through IAM cross-account roles assumed with sts:AssumeRole, which issue short-lived credentials instead of sharing long-lived access keys between accounts.
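Cross-account roles are only an improvement over shared credentials if the trust policy and the attached permissions are tight. As an added example (not code from the page), the following Python script lints a constructed weak trust/permission pair beside a hardened one; the policy documents, the SecurityAudit role name and the 12-digit account IDs are placeholders.

```python
"""Lint a cross-account IAM role's trust policy and permission policy for
least-privilege problems before deploying it.

Added example, not code from the page. The policy documents, the role name
and the 12-digit account IDs below are constructed placeholders.
"""
import fnmatch


def _as_list(value):
    # IAM allows a single string or a list for Action, Principal and Statement.
    return value if isinstance(value, list) else [value]


def _principals(stmt):
    """Return the AWS principals of a statement as a flat list of strings."""
    principal = stmt.get("Principal", {})
    if principal == "*":
        return ["*"]
    return _as_list(principal.get("AWS", []))


def _account_of(principal):
    """Account ID from an ARN ("arn:aws:iam::111111111111:role/X") or a bare ID."""
    return principal.split(":")[4] if principal.startswith("arn:") else principal


def check_trust_policy(trust, trusted_accounts):
    """Findings about who may call sts:AssumeRole on the role."""
    findings = []
    for stmt in _as_list(trust["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        if not any(fnmatch.fnmatchcase("sts:AssumeRole", a) for a in _as_list(stmt["Action"])):
            continue
        for principal in _principals(stmt):
            if principal == "*":
                findings.append("any AWS principal may assume the role")
                continue
            account = _account_of(principal)
            if account not in trusted_accounts:
                findings.append(f"trusts account {account}, which is not on the allow-list")
            if principal.endswith(":root") or not principal.startswith("arn:"):
                # Whole-account trust hands the decision to that account's IAM admins.
                findings.append(f"trusts every principal in account {account}; name the specific role instead")
    return findings


def check_permissions(policy):
    """Findings about what the role can do once assumed."""
    findings = []
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = _as_list(stmt["Action"])
        for action in actions:
            if action == "*" or action.endswith(":*"):
                findings.append(f"allows wildcard action {action}")
        if stmt.get("Resource") == "*" and any(a.startswith(("iam:", "organizations:")) for a in actions):
            findings.append("IAM/Organizations actions on Resource '*' permit privilege escalation")
    return findings


# Weak pair (constructed): anyone can assume the role and it can do anything.
WEAK_TRUST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]}
WEAK_PERMS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}

# Hardened pair (constructed): one named role in the security account, read-only actions.
HARDENED_TRUST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111111111111:role/SecurityAudit"},
     "Action": "sts:AssumeRole"}]}
HARDENED_PERMS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["cloudtrail:DescribeTrails", "cloudtrail:GetTrailStatus", "config:DescribeConfigRules"],
     "Resource": "*"}]}

TRUSTED_ACCOUNTS = {"111111111111"}  # the security/audit account (placeholder ID)

if __name__ == "__main__":
    for label, trust, perms in (("weak", WEAK_TRUST, WEAK_PERMS), ("hardened", HARDENED_TRUST, HARDENED_PERMS)):
        print(label, check_trust_policy(trust, TRUSTED_ACCOUNTS) + check_permissions(perms) or ["no findings"])
```

The weak pair produces two findings (open trust, wildcard action); the hardened pair produces none. Trusting `arn:aws:iam::<account>:root` is flagged as well, because it delegates the decision of who can assume the role to the other account's IAM administrators rather than to you.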

Security

  • Apply Service Control Policies (SCPs) to restrict permissions at the OU or account level, so accounts cannot exceed defined security boundaries. An SCP is a ceiling, not a grant: it never gives permissions by itself, it does not apply to the management account, and an explicit Deny in an SCP wins over any IAM Allow inside the account.
  • Use least privilege when creating cross-account roles: trust specific role ARNs rather than a whole account or "*", attach only the actions the role needs, and add conditions such as sts:ExternalId when the trusted party is a third party.
  • Ensure CloudTrail is enabled organization-wide with an organization trail, and add an SCP that denies cloudtrail:StopLogging, cloudtrail:DeleteTrail and cloudtrail:UpdateTrail so member-account administrators cannot switch the audit trail off.
  • Protect the management account with MFA (above all on the root user) and tightly restricted access: it has full control over all accounts and SCPs do not constrain it, so run no workloads in it.
  • Periodically review account activity and unused accounts to reduce the attack surface, and close or suspend accounts that are no longer needed.
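How an SCP bounds a member account, as an added example that is not from the page: a small Python evaluator of the SCP-then-IAM decision AWS makes for a request, run against constructed policies. The SCPs, IAM policies, action names, OU layout and region list are assumptions, and only Action, Effect and the StringEquals / StringNotEquals condition operators are modelled (NotAction, Resource ARNs and the other operators are left out).

```python
"""Simulate the SCP-then-IAM decision AWS makes for a request, to show that an
SCP is a ceiling: it can deny, but it never grants, and it never restricts the
management account.

Added example, not code from the page. The SCPs, IAM policies, action names,
OU layout and region list below are constructed. Only Action, Effect and the
StringEquals / StringNotEquals condition operators are modelled; NotAction,
Resource ARNs and the other operators are left out.
"""
import fnmatch


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _action_matches(patterns, action):
    # IAM action matching is case-insensitive and supports '*' and '?' wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in _as_list(patterns))


def _conditions_hold(stmt, context):
    """True if every condition on the statement is satisfied by the request context."""
    for operator, pairs in stmt.get("Condition", {}).items():
        for key, wanted in pairs.items():
            actual = context.get(key)
            if operator == "StringEquals" and actual not in _as_list(wanted):
                return False
            if operator == "StringNotEquals" and actual in _as_list(wanted):
                return False
    return True


def _decide(policies, action, context):
    """'Deny' if any matching statement denies, 'Allow' if one allows, else None."""
    decision = None
    for doc in policies:
        for stmt in _as_list(doc["Statement"]):
            if not _action_matches(stmt["Action"], action) or not _conditions_hold(stmt, context):
                continue
            if stmt["Effect"] == "Deny":
                return "Deny"          # an explicit Deny always wins
            decision = "Allow"
    return decision


def is_allowed(scp_levels, iam_policies, action, context, management_account=False):
    """scp_levels lists the SCPs attached at each level on the path to the account
    (root, then each OU, then the account); the action must be allowed at every level."""
    if not management_account:      # SCPs never apply to the management account
        for level in scp_levels:
            if _decide(level, action, context) != "Allow":
                return False        # denied, or simply not allowed, by an SCP
    return _decide(iam_policies, action, context) == "Allow"


# The default SCP AWS attaches everywhere: allow everything.
FULL_ACCESS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}

# Guardrails attached to a Workloads OU (constructed). The region guard is a plain
# deny-unless-approved-region rule; a production SCP also exempts global services.
GUARDRAILS = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ProtectCloudTrail", "Effect": "Deny", "Resource": "*",
     "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail", "cloudtrail:UpdateTrail"]},
    {"Sid": "DenyLeavingOrganization", "Effect": "Deny", "Resource": "*",
     "Action": "organizations:LeaveOrganization"},
    {"Sid": "DenyUnapprovedRegions", "Effect": "Deny", "Action": "*", "Resource": "*",
     "Condition": {"StringNotEquals": {"aws:RequestedRegion": ["eu-west-1", "us-east-1"]}}},
]}

# SCPs on the path root -> Workloads OU for a member account in that OU.
WORKLOADS_OU = [[FULL_ACCESS], [FULL_ACCESS, GUARDRAILS]]

# IAM policies of two principals inside the member account (constructed).
ADMIN = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "*", "Resource": "*"}]}
READ_ONLY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "ec2:Describe*", "Resource": "*"}]}

EU = {"aws:RequestedRegion": "eu-west-1"}
APAC = {"aws:RequestedRegion": "ap-southeast-2"}

if __name__ == "__main__":
    print(is_allowed(WORKLOADS_OU, [ADMIN], "ec2:RunInstances", EU))         # True
    print(is_allowed(WORKLOADS_OU, [ADMIN], "cloudtrail:StopLogging", EU))  # False: SCP ceiling
    print(is_allowed(WORKLOADS_OU, [ADMIN], "ec2:RunInstances", APAC))      # False: region guard
    print(is_allowed(WORKLOADS_OU, [READ_ONLY], "ec2:RunInstances", EU))    # False: SCP grants nothing
    print(is_allowed(WORKLOADS_OU, [ADMIN], "cloudtrail:StopLogging", EU, management_account=True))  # True
```

The last two calls are the ones worth remembering: an SCP that allows everything still gives the read-only principal nothing beyond its own IAM policy, and the same CloudTrail guardrail that stops an administrator in a member account does not stop anyone in the management account, which is why that account needs its own protection.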