AWS Accounts and AWS Organizations

  • Exam Tips:

    • The organization's primary account used to be known as the 'payer' account; it is now known as the 'master' account.
    • Accounts joined to the organization are known as member accounts.
    • IAM Policy management.
    • Consolidated billing:
      • May gain you volume discounts, thus reducing your bill.
    • RI Credit Sharing:
      • You can enable Reserved Instance sharing in the member accounts and then purchase Reserved Instances in the master account.
        • EC2
        • RDS
        • Redshift
      • You can disable credit sharing globally in the master account; it is enabled by default.
      • Each member account can disable or enable RI sharing. This is generally done on a use-case basis, for example when you want to keep certain business units separate.
      • The billing console in the master account allows you to manage which member accounts do or do not take part in RI sharing. Again, the default is to share RIs.
    • OU = Organizational Unit.
    • Treat master account as a billing and user store.

Service Control Policies

  • Exam Tips:
    • They do not provide actual permissions; they only allow or deny actions.
      • Default policy is to allow all actions on all resources.
      • Need explicit allows and explicit denies.
        • Explicit deny always overrides an allow.
        • Anything else not defined gets an implicit deny.
    • SCPs are inherited downwards, but they do not affect the master account.
      • They do not affect the master account in any way!
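The evaluation rules above, as an added example that is not part of the original notes: a simplified Python model of how SCPs attached at the root, an OU and an account combine. The organization layout, node names and the `master` flag are constructed for illustration, and resource and condition matching are left out.

```python
from fnmatch import fnmatchcase

ALLOW_ALL = {"Effect": "Allow", "Action": ["*"]}  # stands in for the default allow-all SCP

# Constructed sample organization (hypothetical names): node -> parent and attached SCP statements.
ORG = {
    "root": {"parent": None, "scps": [
        ALLOW_ALL, {"Effect": "Deny", "Action": ["cloudtrail:StopLogging"]}]},
    "ou-prod": {"parent": "root", "scps": [
        {"Effect": "Allow", "Action": ["s3:*", "ec2:*", "cloudtrail:*"]}]},
    "acct-member": {"parent": "ou-prod", "scps": [ALLOW_ALL]},
    "acct-master": {"parent": "root", "scps": [ALLOW_ALL], "master": True},
}

def _matches(stmt, action):
    """True if any action pattern in the statement covers the action (case-insensitive)."""
    return any(fnmatchcase(action.lower(), p.lower()) for p in stmt["Action"])

def _path_to_root(node, org):
    """The account itself, then each parent OU, up to the root."""
    while node is not None:
        yield node
        node = org[node]["parent"]

def scp_permits(account, action, org=ORG):
    """Return (permitted, reason) for the SCP layer only."""
    if org[account].get("master"):
        return True, "master account is not affected by SCPs"
    path = list(_path_to_root(account, org))
    for node in path:  # an explicit deny anywhere on the path wins
        if any(s["Effect"] == "Deny" and _matches(s, action) for s in org[node]["scps"]):
            return False, f"explicit deny at {node}"
    for node in path:  # every level must also carry a matching allow
        if not any(s["Effect"] == "Allow" and _matches(s, action) for s in org[node]["scps"]):
            return False, f"implicit deny at {node}"
    return True, "allowed at every level"

def is_allowed(account, action, iam_allows, org=ORG):
    """SCPs only bound what is possible; the IAM policy must still grant the action."""
    permitted, _ = scp_permits(account, action, org)
    return permitted and iam_allows
```

In this model the deny on the root blocks `cloudtrail:StopLogging` in the member account even though the OU allows `cloudtrail:*`, while the master account under the same root is untouched.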

Account Limits

  • Exam Tips:
    • Try to understand limits that will affect any architecture designs.
    • You can request service quota increases for most services.
      • Some services do not support quotas.
    • Preferred method is to use the Service Quotas console.
      • Can use the CLI to request more.
    • You can configure CloudWatch alarms for service quota limits.

AWS Support Tiers

  • Exam Tips:
    • Difference between enhanced technical support.
    • Architectural guidance.
      • Business and Enterprise
    • Programmatic case management.
      • Business and Enterprise
    • Proactive programs.
      • Business (extra cost) and Enterprise.
    • Technical account management.
      • Enterprise.