Delegated Administrator for AWS Organizations
ACM.139b Delegating governance via service control policies to an AWS Governance account
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
⚙️ Check out my series on Automating Cybersecurity Metrics. The Code.
🔒 Related Stories: Cloud Governance | IAM | AWS Security
💻 Free Content on Jobs in Cybersecurity | ✉️ Sign up for the Email List
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
As I mentioned in the last post, I’d like the governance team to operate out of a governance account and I want to limit activities in the root account. I created a separate account in the last post.
Creating an AWS Governance Account
ACM.139 Creating OUs and Accounts in an AWS Organization
medium.com
When I used AWS Control Tower to set up my AWS Accounts for this particular implementation it seemed to put a lot of the things it built in the root account. I’m not sure if there’s a way around that and it’s a moot point at the moment. What AWS Organizations does offer is a way to delegate…
