OK, I answered my own question. Putting the information here in case someone else has the same problem.
First, I needed to understand the difference between AWS accounts and IAM users. When dealing with AWS Organizations, it's almost never IAM users. You are dealing with root AWS accounts. So, I created an AWS account for the company, then additional AWS accounts for each business unit. We did nothing with IAM at this point. The company account created a default organization, then additional organizations under it to represent the business units. This makes the company account the "master" account. The company account then invited all the accounts for the business units to join its organization. I had to log in to each business unit AWS account and accept the invitation. Then I used the master account to place each business unit account into its business unit Organization.
The end result is that each business unit can create resources, including additional IAM users, and no other business unit can touch them. The billing for all business units is consolidated and paid for by the master account. This gave us a single bill each month along with isolation between business units.
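The management-account side of the steps in the answer above, as an added example that is not part of the original post. It assumes `org` is a `boto3.client("organizations")` created with the company account's credentials, that the organization already exists, and that the per-business-unit containers are organizational units (OUs) under the organization root. The function names are hypothetical; accepting each invitation still happens from inside the invited account.

```python
# Added example (not from the original post). `org` is assumed to be
# boto3.client("organizations") using the company (management) account.

def root_id(org):
    # Every organization has a single root; OUs and accounts sit beneath it.
    return org.list_roots()["Roots"][0]["Id"]

def accounts_in(org, parent_id):
    """Return all account IDs directly under parent_id, following pagination."""
    ids, kwargs = [], {"ParentId": parent_id}
    while True:
        page = org.list_accounts_for_parent(**kwargs)
        ids += [a["Id"] for a in page["Accounts"]]
        if not page.get("NextToken"):
            return ids
        kwargs["NextToken"] = page["NextToken"]

def invite_business_units(org, units):
    """units maps an OU name to the AWS account ID of that business unit.
    Creates one OU per unit and invites its account.
    Returns {account_id: ou_id} for the later placement step."""
    root = root_id(org)
    placement = {}
    for name, account_id in units.items():
        ou = org.create_organizational_unit(ParentId=root, Name=name)
        org.invite_account_to_organization(
            Target={"Id": account_id, "Type": "ACCOUNT"})
        placement[account_id] = ou["OrganizationalUnit"]["Id"]
    return placement

def place_accepted_accounts(org, placement):
    """Move invited accounts that have joined (they land in the root) into
    their OU. Safe to re-run: accounts already in their OU are skipped.
    Returns the account IDs found in neither place (invitation not accepted)."""
    root = root_id(org)
    joined = set(accounts_in(org, root))
    waiting = []
    for account_id, ou_id in placement.items():
        if account_id in joined:
            org.move_account(AccountId=account_id, SourceParentId=root,
                             DestinationParentId=ou_id)
        elif account_id not in accounts_in(org, ou_id):
            waiting.append(account_id)
    return waiting
```

Call `invite_business_units` once, accept the invitations in each business unit account, then run `place_accepted_accounts` until it returns an empty list.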