AWS Organizations - Restrict access of parent account in the child account

Question

I have two AWS accounts.
To take advantage of the unused Reserved Instances in account A (main), I would need to invite account B into its Organization.
Is it possible to make it so that accounts remain fully independant except for Billing and Reservations?
I don't want account A to have any access/control over account B.

Answer

You could use add B to the orgnaization and then apply consildated billing to access the instances from B.

You could also create a resource share, which allows you to (as the name suggests), share resources
To share resources that you own, create a resource share. When you create a resource share, you do the following:

Add the resources that you want to share.

For each resource type that you include in the share, specify the permission to use for that resource type.

If only the default permission is available for a resource type, then AWS RAM automatically associates that permission with the resource type and there is no action for you.

If more than the default AWS RAM managed permission is available for a resource type, then you must choose the permission to associate with that resource type.

Here is a link that could provide you of assistance 
https://docs.aws.amazon.com/ram/latest/userguide/getting-started-sharing.html

AWS Organizations - Restrict access of parent account in the child account

相關內容