
AWS Organizations

You can delete the organization an account belongs to with the CLI command below. Only the management account can do this, and the call fails unless every member account has already been removed (the organization must be empty):

aws organizations delete-organization --profile a2


With the organization deleted, the AWS Organizations home page in the console shows no organization.

Create an organization.

aws organizations create-organization --profile a2

We don't pass a name or any other identifier. An account can belong to at most one organization, so there is nothing to disambiguate; the only option the command takes is --feature-set, which defaults to ALL (all features, including SCPs) as opposed to CONSOLIDATED_BILLING.


Let's go back to the console.


That created an organization. It contains a Root and a single member account: the current account a2, which becomes the management account. Every organization has exactly one management account, the account it was created from, and that is where the organization's features (OUs, policies, invitations) are configured.




Root is the top-most container; AWS does not call it an OU, but it behaves like the top-level OU (Organizational Unit). An OU is a logical grouping of accounts and/or other OUs, so a child of an OU can be another OU or an account, an OU can have many children, and OUs can be nested up to five levels deep below the root. An account is always a leaf and cannot have children. Please see the image above for the hierarchy used in this post (the tree structure shown is just one of the many forms your organizational structure can take).

Service Control Policies (SCPs) are inherited down the tree. An SCP attached to the Root applies to every OU and account beneath it; an SCP attached to an OU applies to everything beneath that OU, e.g., an SCP attached to OU1 applies to both acc a3 and acc a4; an SCP attached to an individual account applies only to that account, since accounts have no children. Two points matter in practice. First, an SCP never grants permissions: it only caps what IAM policies in the account can grant, and an action is available to an account only if it is allowed at every level on the path from the Root down to the account and denied at none of them. Second, SCPs do not restrict the management account itself, which is a good reason to keep workloads out of it.
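To make the inheritance rule concrete, here is an added example (not code from the original post) that models SCP evaluation along the path Root -> OU1 -> account for the tree described above. Each level is written as "ALLOW-PATTERNS|DENY-PATTERNS" and stands for the union of the SCPs attached at that level; the policy contents (which services OU1 allows, the TerminateInstances deny on a3) are constructed for illustration and are not taken from the post.

```shell
#!/bin/sh
# Added example, not from the original post: a model of how SCPs attached at
# the Root, at an OU and at an account combine for that account.
# A level is a string "ALLOW-PATTERNS|DENY-PATTERNS", space-separated, using
# shell-glob style such as "ec2:*". The deny part may be empty ("s3:*|").

# any_match ACTION "PATTERNS": succeeds if ACTION matches at least one pattern.
any_match() {
  (
    set -f                 # no pathname expansion: "*" must stay a pattern, not a file list
    action=$1
    for pat in $2; do
      case "$action" in $pat) exit 0 ;; esac
    done
    exit 1
  )
}

# effective_actions "CANDIDATE ACTIONS" LEVEL...: prints the candidates that survive
# every level. This is the AWS rule: an action is available in an account only if
# some SCP at every level from the Root down to the account allows it and no SCP at
# any of those levels denies it. It is an upper bound only; IAM policies in the
# account must still grant the action, and the management account is exempt.
effective_actions() {
  local candidates=$1 action level allows denies keep out=""
  shift
  for action in $candidates; do
    keep=1
    for level in "$@"; do
      allows=${level%%|*}
      denies=${level#*|}
      if ! any_match "$action" "$allows"; then keep=0; break; fi
      if any_match "$action" "$denies"; then keep=0; break; fi
    done
    if [ "$keep" -eq 1 ]; then out="$out $action"; fi
  done
  printf '%s\n' "${out# }"
}

# Constructed policies for the post's tree (Root -> OU1 -> a3, a4). "*" is the
# FullAWSAccess SCP that AWS attaches to every root, OU and account by default.
ROOT_SCP='*|'
OU1_SCP='s3:* ec2:* cloudwatch:*|'
A3_SCP='*|ec2:TerminateInstances'
A4_SCP='*|'
CANDIDATES='s3:PutObject ec2:RunInstances ec2:TerminateInstances iam:CreateUser'

# What survives for a3 and a4: OU1's allow-list limits both, a3's deny limits only a3.
a3_effective() { effective_actions "$CANDIDATES" "$ROOT_SCP" "$OU1_SCP" "$A3_SCP"; }
a4_effective() { effective_actions "$CANDIDATES" "$ROOT_SCP" "$OU1_SCP" "$A4_SCP"; }
```

Running a3_effective yields s3:PutObject and ec2:RunInstances only: iam:CreateUser never gets past OU1, and ec2:TerminateInstances is cut by the deny attached to a3. a4, sitting under the same OU1 with no deny of its own, keeps ec2:TerminateInstances as well. Replacing OU1_SCP with '*|' would let iam:CreateUser through for both, which is the inheritance point the paragraph makes.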



Let me try to remove the management account a2 from the organization.




Since a2 is the management account, it can't be removed from the organization. Read the message in the image above for more details.

Let me try to create another organization in the same account from the terminal.

aws organizations create-organization --profile a2


The call fails because the current account a2 is already a member of an organization (the API returns AlreadyInOrganizationException).
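Because create-organization is not idempotent, a bootstrap script that is re-run will hit exactly this error. As an added example (not code from the original post), the wrapper below checks describe-organization first and treats AlreadyInOrganizationException from create-organization as success rather than a failure. It assumes a profile such as the post's a2 whose credentials may call organizations:DescribeOrganization and organizations:CreateOrganization; the aws binary is reached only through the aws_cli function so it can be stubbed offline.

```shell
#!/bin/sh
# Added example, not from the original post: an idempotent "make sure this
# account has an organization" step for a bootstrap script.

# Single choke point for the real CLI; redefine this to stub it in tests.
aws_cli() { aws "$@"; }

# Succeeds (exit 0) when the profile's account already belongs to an organization.
# describe-organization fails with AWSOrganizationsNotInUseException otherwise.
in_organization() {
  aws_cli organizations describe-organization --profile "$1" >/dev/null 2>&1
}

# Prints "created" or "exists". Any failure other than "already a member" is
# reported on stderr and returned as a non-zero status.
ensure_organization() {
  local profile=$1 err
  if in_organization "$profile"; then
    echo exists
    return 0
  fi
  # Capture only stderr: the CLI's JSON result goes to stdout and is not needed here.
  if err=$(aws_cli organizations create-organization --feature-set ALL \
             --profile "$profile" 2>&1 >/dev/null); then
    echo created
    return 0
  fi
  case $err in
    *AlreadyInOrganizationException*)
      # Only reached when describe-organization failed for some other reason
      # (a permissions problem, for example) although the account is in an
      # organization; the desired state holds, so report success.
      echo exists
      return 0 ;;
    *)
      echo "create-organization failed: $err" >&2
      return 1 ;;
  esac
}

# Usage: ensure_organization a2
```

Matching on the exception name in the error text is deliberate: the CLI's exit status is the same for every service error, so the name is the only reliable way to tell "already in an organization" apart from a real failure.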
