There is really no easy way to do it. From a high level, what you could do is to:
- Create X number of account (you'll need different email for each account).
- Create AWS Organization from each account and enable consolidated billing.
- These X number of accounts will become the Management Account for each organization.
- Create IAM user\role for each student in each Organization with policies that make the student delegated administrator but without Billing privileges so that the student will be able to create a new accounts within the Organization and use AWS Route 53 and AWS EKS under the member accounts only (you'll be able to use SCP to control what services\regions are allowed).
- The spending incurred under each member account should get consolidated to the Management Account of the Organization and only you have access to manage Billing
- You can't further consolidate billing for each organization. But you can use a credit card or ACH to pay the invoice for each Organization automatically.
The key is to make sure only you have full access to the Organization; whereas the student can only create member accounts and use Rt53\EKS under the member accounts they create. Once the student is done, you can terminate all active resources and close the member accounts, remove the user, and ready to provide similar access to the next student.
- asked 3 months ago
- Why do I need to put my tax registration number (TRN) on all accounts in my organization in AWS Organizations?AWS OFFICIALUpdated 9 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 7 months ago
- How can I resolve the error "You have exceeded the allowed number of AWS accounts." for AWS Organizations?AWS OFFICIALUpdated a year ago
- EXPERTpublished 3 months ago