AWS Organizations – Hierarchy
Root Organizational Unit (OU)
- The Root OU is the top-level container for all accounts in the organization.
- All Organizational Units (OUs) and accounts are nested under this root.
Management Account
- Created automatically when the organization is set up.
- Has full administrative control over the organization, including billing and policy management.
Organizational Units (OUs)
- Logical groupings of accounts for simplified governance and policy application.
- Allow applying Service Control Policies (SCPs) to multiple accounts at once.
- Can be nested for multi-level structures.
Organizational Unit (OU) – Example Structures
Business Unit Structure
- Management Account
- Sales OU
  - Sales Account 1
  - Sales Account 2
- Retail OU
  - Retail Account 1
  - Retail Account 2
- Finance OU
  - Finance Account 1
  - Finance Account 2
- Fits organizations that align AWS accounts with departments for cost tracking and access control.
Environmental Lifecycle Structure
- Management Account
- Prod OU
  - Prod Account 1
  - Prod Account 2
- Dev OU
  - Dev Account 1
  - Dev Account 2
- Test OU
  - Test Account 1
  - Test Account 2
- Ideal for separating production, development, and testing workloads.
Project-Based Structure
- Management Account
- Project 1 OU
  - Project 1 Account 1
  - Project 1 Account 2
- Project 2 OU
  - Project 2 Account 1
  - Project 2 Account 2
- Project 3 OU
  - Project 3 Account 1
  - Project 3 Account 2
- Useful for isolating projects for permissions, resource governance, and cost allocation.
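
Added example (not from the original notes): a simplified Python model of how an SCP attached to an OU reaches every account beneath it, using the Environmental Lifecycle Structure above. It goes beyond the notes by modelling SCP evaluation (an explicit deny at any level wins, every level must allow the action, and the management account is not restricted by SCPs). The SCP contents and function names are constructed for illustration and are not an AWS API.

```python
from fnmatch import fnmatchcase

# Simplified model only; OU and account names come from the notes above,
# the policies themselves are constructed sample data.
FULL_ACCESS = {"allow": {"*"}, "deny": set()}  # models the default FullAWSAccess SCP

# child -> parent; "Root" is the top-level container.
PARENT = {
    "Management Account": "Root",
    "Prod OU": "Root", "Dev OU": "Root", "Test OU": "Root",
    "Prod Account 1": "Prod OU", "Prod Account 2": "Prod OU",
    "Dev Account 1": "Dev OU", "Dev Account 2": "Dev OU",
    "Test Account 1": "Test OU", "Test Account 2": "Test OU",
}

# SCPs attached directly to each node (constructed sample policies).
ATTACHED = {node: [FULL_ACCESS] for node in ["Root", *PARENT]}
ATTACHED["Prod OU"].append({"allow": set(), "deny": {"cloudtrail:StopLogging"}})
ATTACHED["Dev OU"] = [{"allow": {"ec2:*", "s3:*"}, "deny": set()}]  # allow-list OU

def _matches(action, patterns):
    return any(fnmatchcase(action, p) for p in patterns)

def path_to_root(node):
    """Return [node, parent OU, ..., 'Root']."""
    path = [node]
    while path[-1] in PARENT:
        path.append(PARENT[path[-1]])
    return path

def scp_permits(account, action):
    """True if SCPs leave `action` available to principals in `account`."""
    if account == "Management Account":
        return True  # SCPs do not restrict the management account
    for node in path_to_root(account):
        policies = ATTACHED[node]
        if any(_matches(action, p["deny"]) for p in policies):
            return False  # an explicit deny at any level wins
        if not any(_matches(action, p["allow"]) for p in policies):
            return False  # every level must allow the action
    return True

def accounts_blocked(action):
    """Accounts in which SCPs remove `action`, via their own or inherited policies."""
    return sorted(a for a in PARENT if "Account" in a and not scp_permits(a, action))
```

A single deny on Prod OU covers both Prod accounts, and replacing FullAWSAccess on Dev OU with an allow-list removes every unlisted action from both Dev accounts; IAM policies inside each account still have to grant whatever the SCPs leave available.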