AWS Organizations (Part 2): Step-By-Step Set Up Tutorial.

Benjamin Okoli
5 min read · Jan 10, 2023

A step-by-step guide on how to set up an AWS Organization, invite an existing account and create a new member account for the organization.

Table of Contents

  • Introduction
  • Prerequisites
  • Create your organization
  • Invite an existing account
  • Create a new member account.
  • Conclusion
  • Attributes

Introduction

AWS Organizations is a free service in the AWS console that helps you manage multiple AWS accounts from one central account. It is an excellent tool for businesses and individuals with multiple accounts. You can learn more about AWS Organizations and its benefits from my previous article.

This article is a step-by-step guide on how you can set up an AWS Organization as well as add member accounts to the organization.

Prerequisites

The major requirement before we embark on this tutorial is to have two active AWS accounts; we will create a third one during the course of the tutorial. You also need administrator access to all three accounts.

Keep the following labels in mind to avoid confusion during this tutorial:

  • AA — This is your management account, the account used to create the AWS organization. The email used here will be tagged accountAA@gmail.com
  • BB — This is the invited account, the account you invite to join the AWS organization. The email used here will be tagged accountBB@gmail.com
  • CC — This is the account you create as a member account for the AWS Organization. The email used here will be tagged accountCC@gmail.com

As you follow the process, the labels above should help you understand which account to use at each step.

Create Your Organization

This step involves setting up the AWS Organization using account AA.

Steps:

1. Sign in to account AA as a root user and search for AWS Organizations.

2. Open the page and select Create an organization.

3. In the confirmation dialog box, select Create an organization. This creates the organization and shows you the AWS account page, which is where you can access the accounts later. You have successfully created an organization. Easy, right?

It is important to note that when a new organization is created, it has all features enabled. You also have the option to create an organization with only billing features enabled.

Notice that after creating the organization, we have the management account AA as its only account. We can now populate the organization with other accounts under it.

The next step is to invite an existing account to join our organization.

Invite an existing account

Having successfully created an AWS Organization, we now move on to adding other accounts to it.

Here, we invite an existing account to join as a member of the organization, and we will do this in 5 easy steps.

Steps:

  1. In the console search bar, search for AWS Organizations again and select it. This takes you to the AWS account page.
  2. On the AWS account page, choose the Add an AWS account button at the top right.
  3. Select the Invite an existing AWS account option and enter the email accountBB@gmail.com of account BB. You may use the account ID number instead if you know it. You may also write a message to include in the invitation email; this is optional. After filling these in, select Send invitation, and AWS will send the invitation to account BB.
Figure: Add an AWS account, ‘Invite an existing account’

4. The next step is to accept the invitation we sent from the management account AA to member account BB. There are several ways to achieve this, namely:

  • Open the email from AWS sent to accountBB@gmail.com and select the Accept invitation button, as shown below. This will prompt you to sign in to AWS account BB (make sure you have logged out of AA before this point).
Figure: Member invitation email
  • Log in to your AWS console, head to the Organizations console, and navigate to Invitations. The invitation request will be waiting there; click the Accept invitation button and you are good to go.

5. Sign out of account BB and sign in to account AA (your management account), and you will notice that another member has been added to your AWS account page.

Again, congratulations! You have successfully invited a new member to your AWS organization.

Create a new member account.

Here we will create a new AWS account, CC, that will be automatically added to the AWS organization we created in account AA.

We can achieve this with the following steps:

  1. On the AWS Organizations page, select Add AWS account.
  2. On the Add AWS account page, select Create an AWS account, then enter an account name of your choice and the email address accountCC@gmail.com in the respective boxes, leaving the IAM role name as OrganizationAccountAccessRole.
  3. Once you have filled in all the fields, choose the Create AWS account button. You will have to wait for some time and keep refreshing the page until the new account appears on your AWS account page.

If you have a list of all AWS accounts, with the management account and the other member accounts as shown below, then pat yourself on the back: you have successfully achieved our goal.

Figure: AWS account members
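
The end state described above can also be checked from the AWS CLI instead of by eye. The script below is an added example, not part of the original article: it audits the JSON printed by aws organizations describe-organization and aws organizations list-accounts. The sample JSON and account IDs are constructed placeholders, and audit_organization is a hypothetical helper name.

```python
import json

# Constructed sample output (placeholder IDs) of:
#   aws organizations describe-organization
#   aws organizations list-accounts
DESCRIBE_ORG = json.loads("""{"Organization": {"Id": "o-exampleorgid",
  "MasterAccountId": "111111111111", "FeatureSet": "ALL"}}""")
LIST_ACCOUNTS = json.loads("""{"Accounts": [
 {"Id": "111111111111", "Email": "accountAA@gmail.com",
  "Status": "ACTIVE", "JoinedMethod": "INVITED"},
 {"Id": "222222222222", "Email": "accountBB@gmail.com",
  "Status": "ACTIVE", "JoinedMethod": "INVITED"},
 {"Id": "333333333333", "Email": "accountCC@gmail.com",
  "Status": "ACTIVE", "JoinedMethod": "CREATED"}]}""")

# Email -> how this tutorial adds the account (None marks the management account).
EXPECTED = {"accountAA@gmail.com": None,
            "accountBB@gmail.com": "INVITED",
            "accountCC@gmail.com": "CREATED"}


def audit_organization(org, accounts, expected=EXPECTED):
    """Return a list of findings; an empty list means the state matches."""
    org = org["Organization"]
    findings = []
    if org.get("FeatureSet") != "ALL":
        findings.append(f"feature set is {org.get('FeatureSet')}, expected ALL")
    by_email = {a["Email"].lower(): a for a in accounts["Accounts"]}
    for email, method in expected.items():
        acct = by_email.pop(email.lower(), None)
        if acct is None:
            findings.append(f"{email}: not in the organization")
            continue
        if acct.get("Status") != "ACTIVE":
            findings.append(f"{email}: status is {acct.get('Status')}")
        if method is None and acct["Id"] != org.get("MasterAccountId"):
            findings.append(f"{email}: is not the management account")
        elif method and acct.get("JoinedMethod") != method:
            findings.append(f"{email}: joined via {acct.get('JoinedMethod')}, expected {method}")
    # Any account left over was not added by the steps in this tutorial.
    findings += [f"{e}: unexpected account" for e in by_email]
    return findings


if __name__ == "__main__":
    print(audit_organization(DESCRIBE_ORG, LIST_ACCOUNTS) or "organization matches")
```

An empty list means AA is the management account, BB joined by invitation, CC was created inside the organization, and all three are active; any account that is in the organization but not in EXPECTED is reported as unexpected.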

Furthermore, if you need more information, such as how to enable, disable, and view the features of an organization, or how to delete an AWS organization, you can look it up in the Amazon documentation.

Conclusion

An AWS organization is a collection of AWS accounts organized into a hierarchy and centrally managed by one account, called the management account. The accounts managed by the management account are known as member accounts. A member account can belong to only one AWS organization at a time.

We have now come to the end of this guide. I hope it was helpful. Please leave a Clap, a Like, and a Comment with any thoughts, questions, or suggestions, as this would help me on my learning journey. Until then, thank you.

Attributes

Amazon AWS Documentation
