Organizations in the real world
Let’s examine a scenario where Organizations plays a pivotal role in a corporation with varied departmental access requirements.
Scenario
Imagine a multinational corporation with various departments, such as HR, finance, and development, each requiring different levels of access to AWS resources. The development team needs to frequently spin up new EC2 instances for testing, while the finance team mostly needs read-only access to billing information. The HR team, on the other hand, should not have access to any AWS resources but needs to manage IAM roles for employee onboarding and offboarding.
Solution
The corporation uses Organizations to create a multi-account structure with separate accounts for HR, finance, and development. They also create OUs to group these accounts based on departmental needs. SCPs are then applied to these OUs to enforce the required permissions.
For example, an SCP is applied to the development OU that allows the launching of EC2 instances only if they are tagged with a specific project code. Another SCP is applied to the finance OU that restricts permissions to read-only access for billing. The HR OU has an SCP that only allows IAM user and group management.
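The development OU guardrail described above could be written as the following SCP. This is an added example, not a policy from the original text: the tag key ProjectCode and the value EXAMPLE-PROJECT-CODE are placeholder assumptions, and the second statement goes slightly beyond the text by blocking removal of the tag after launch so the cost attribution stays intact.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyLaunchWithoutApprovedProjectCode",
      "Effect": "Deny",
      "Action": "ec2:RunInstances",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "StringNotEquals": {
          "aws:RequestTag/ProjectCode": "EXAMPLE-PROJECT-CODE"
        }
      }
    },
    {
      "Sid": "DenyRemovingProjectCodeTag",
      "Effect": "Deny",
      "Action": "ec2:DeleteTags",
      "Resource": "arn:aws:ec2:*:*:instance/*",
      "Condition": {
        "ForAnyValue:StringEquals": {
          "aws:TagKeys": "ProjectCode"
        }
      }
    }
  ]
}
```

Because StringNotEquals also matches when the tag is absent from the request, the first statement rejects both untagged launches and launches with a different project code. An SCP only limits what principals in the member accounts can do and grants nothing by itself, so developers still need an IAM policy that allows ec2:RunInstances and ec2:CreateTags.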
Outcome
By leveraging Organizations and SCPs, the corporation successfully isolates departmental resources and applies granular permissions. This not only enhances security but also aids in cost management, as the development team is now accountable for the resources they spin up, tagged by project codes.
Who should use Organizations?
Organizations is particularly beneficial for:
- Large enterprises: With complex structures and multiple departments, large enterprises can benefit from the granular control and isolation that Organizations offers.
- Startups and SMBs: Even smaller businesses can take advantage of Organizations to implement best practices from the start, making it easier to scale securely in the future.
- Managed service providers: Those who manage multiple AWS accounts for different clients can centralize their management efforts, making operations more efficient.