One Organization vs Multiple AWS organizations for a large enterprise


As we plan to move to cloud, we are debating whether we should have multiple AWS organizations (one for IT workloads, one for Customer Service, one for SaaS products/offerings we provide to our end customers).
What are the pros and cons of creating multiple organizations (one for each of the above) vs creating one at Enterprise level and creating three OUs underneath and then multiple other OUs under each representing their own workloads/orgs?

Is it possible to consolidate billing at OU level vs master a/c level?

Edited by: ViralPatel on Jul 25, 2020 5:07 PM

asked 4 years ago, 2395 views
5 Answers

Billing cannot be consolidated at the OU level.

For a large enterprise, it depends what your use-case is. Multiple Orgs makes sense if you have a separate sandbox org where you may want to test policies or org changes before they are applied to the entire organization, or if your enterprise runs like completely separate teams without any central governance and separate billing considerations. However, if you just have a large enterprise with multiple different teams, a single Org likely serves that use-case better, with divisions at the OU levels, which you can manage up to 5 deep.

All of the central management features from Organizations lose their ability outside of the Organization. For example, do you have central teams that manage infrastructure or security? Will there be a single team (/admin) that manages the whole cloud infrastructure? Are there any policies that you plan to apply for the entire enterprise? Multiple Orgs adds some overhead if you have any central team management, because you'll have to apply any central changes in multiple Orgs. In addition, you lose some of the visibility or capabilities from AWS services that have org features (e.g. Access Analyzer/GuardDuty/Config/Backup, etc.)

You can read more about the org structure suggested by AWS, which serves both large and small enterprises:

Edited by: andybee113 on Aug 7, 2020 2:18 PM

answered 4 years ago

Thanks Andybee113.
In our case, IT infrastructure will be centrally managed while other functions like Engineering or Customer Experience may manage their own applications. Within IT, we have 6-7 functional teams and 3-4 shared teams with 1000+ applications across all. Our budgeting process, security requirements, compliance, etc. may differ for IT applications (mostly internal) vs Customer Experience and Engineering (SaaS products), but all of them could still benefit from the organization concept.

Hence our thought to have 3 different organizations with centralized billing, infra management, security and compliance, etc. at the level of each of these Organizations.

answered 4 years ago

Based on what you describe, it sounds like it could still be achievable with a single organization, at least for the sake of shared infrastructure. The whole idea of an organization is that you should be able to set up OUs that serve differing needs (e.g. OU for infra, OU for security, then OUs for workloads/applications; you could create 3 sub-OUs in security for the separate security needs, then sub-OUs in each workload for the differing compliance requirements.)

Having three separate orgs works too, but the main benefits you'll miss out on are consolidated costs (you'll have three separate bills with varying costs), and then having to set up any org-related actions/features for three separate organizations instead of one.

answered 4 years ago

+1 on the other responses.

Although you can't consolidate billing per OU (currently, a good feature request!), you can create billing reports based on linked accounts. This may or may not meet your needs.

If you are large enough to chargeback or budget based on multiple accounts (or per OU), I'd look at 3rd-party cloud-service billing options. These are much more flexible at getting the billing and other reporting details (usage, savings, security, etc.) out that you may need, usually for a nominal price (1.5-3% of your cloud spend, depending on features.) We use one of them, which also can integrate with your ITIL systems, custom integration via APIs, etc.

Another option is to take your Cost and Usage Reports and feed them into something like Quicksight or 3rd-party options, to create dashboards with actionable information. Can be very slick if you have the resources to do so.

Also, there are some needs for multiple Orgs (legal/regulatory/etc.) that you may not be able to avoid. However, if you don't have those requirements, I would advise against more than one PRODUCTION Org. You may want a test Org for something like Control Tower, where some changes are (currently) hard to test in one Org. If you're working with AWS Prof. Services or other consulting, that may also help keep everything in one Org.

Good luck on your cloud journey!


answered 4 years ago
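The per-OU reporting built from linked-account costs that the answer above describes can be sketched as follows. This is an added example, not part of the original post: the account IDs, OU names and cost rows are constructed, and the account-to-OU mapping is assumed to come from an export of your AWS Organizations structure.

```python
import csv
import io
from collections import defaultdict
from decimal import Decimal

# Constructed mapping of linked account ID -> OU path (hypothetical OU names).
# In practice this would be exported from the AWS Organizations structure.
ACCOUNT_OU = {
    "111111111111": "IT/Infrastructure",
    "222222222222": "IT/Security",
    "333333333333": "CustomerService/Prod",
    "444444444444": "SaaS/Prod/ProductA",
}

# Constructed Cost and Usage Report extract, using CUR CSV column names.
SAMPLE_CUR = """lineItem/UsageAccountId,lineItem/ProductCode,lineItem/UnblendedCost
111111111111,AmazonEC2,120.50
111111111111,AmazonS3,10.25
222222222222,AmazonGuardDuty,30.00
333333333333,AmazonRDS,75.00
444444444444,AmazonEC2,200.00
555555555555,AmazonEC2,5.00
"""


def rollup_by_ou(cur_csv, account_ou):
    """Sum unblended cost for every OU and for each of its parent OUs."""
    totals = defaultdict(Decimal)
    for row in csv.DictReader(io.StringIO(cur_csv)):
        cost = Decimal(row["lineItem/UnblendedCost"])
        # Accounts missing from the mapping are surfaced, not silently dropped.
        path = account_ou.get(row["lineItem/UsageAccountId"], "UNMAPPED")
        parts = path.split("/")
        # Credit the cost to the leaf OU and to every ancestor OU.
        for depth in range(1, len(parts) + 1):
            totals["/".join(parts[:depth])] += cost
    return dict(totals)


if __name__ == "__main__":
    for ou, cost in sorted(rollup_by_ou(SAMPLE_CUR, ACCOUNT_OU).items()):
        print(f"{ou:<28} {cost:>10}")
```

The `UNMAPPED` bucket shows spend from accounts that are in the bill but not in the OU mapping, which is worth reviewing before any chargeback is issued.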

Thank you Andy and Rob for additional information and suggestions.

answered 4 years ago
