AWS Organizations is a cloud service that applies and manages access policies across Amazon Web Services accounts.
AWS Organizations removes the need for a developer to code scripts that allow individual or groups of accounts to communicate when workloads are divided across multiple AWS accounts.
The service allows an admin to manage policies, which dictate controls across accounts. An admin attaches policies to accounts in the Organizations console. After defining a master account for AWS Organizations to create and manage invitations, an administrator creates an account and adds it to -- or removes it from -- an organizational unit, which is a group of member accounts.
A Service Control Policy, which uses most of the same rules and language as an AWS Identity and Access Management (IAM) policy, defines service actions that an account is or isn't allowed to perform, such as specific or all actions for Elastic Compute Cloud. AWS Organizations includes a policy simulator that shows how an individual policy affects member accounts. The service can also automate account creation and management through application programming interface calls.
An admin can separate organizational units into a hierarchy that reflects personnel structure. The admin manages and attaches policies to the organization as a whole or individual organizational units or accounts. A company can govern management privileges for AWS Organizations itself through AWS IAM users, groups or roles.
AWS includes its Consolidated Billing feature with AWS Organizations, meaning all accounts are billed to a single-payer account. AWS offers the Organizations service at no charge to its customers.