LazyMagic

AWS Organization

Prerequisites:
- Credit Card
- Valid Email address
Estimated Time: 1 hour
Estimated Cost: none

You require access to only one AWS account. However, it is AWS best practice to have a management account that is used only for tasks like billing, plus additional accounts for Tooling, Dev, Test, Prod, etc. Use AWS Control Tower to set up an AWS Organization with a management account and the additional accounts.

For the purpose of reviewing the sample system, we suggest you create an AWS Organization using AWS Control Tower. Then create a Development Organizational Unit (OU) and a Development account under that OU. It is a simple matter to create additional Organizational Units and accounts later on.

If you have an existing AWS Organization and access to a development account, you only need to make sure you have Administrator access to that account; Administrator access is required to configure resources in it.

Email Addresses

When you create an AWS account, you must provide an email address that has not been used for any other AWS account. We use dynamic aliases (plus-addressing on a single mailbox) to satisfy this requirement. The alias must deliver to a mailbox you control, because AWS sends root-user notifications and password-recovery mail for that account to it. For example:

  • Admin account - myemail+admin@mycompany.com
  • Dev account - myemail+dev@mycompany.com

Creating an AWS Organization is fully described in the AWS Organizations User Guide.

Once you have set up your AWS Organization, take the following additional steps:

  • Create the DevOU Organizational Unit.
  • Set up AWS IAM Identity Center (successor to AWS Single Sign-On). Make a note of the SSO start URL (the access portal URL); you will need it later.
  • Create your user in Identity Center.
  • Create an account called Dev under the DevOU.
  • Use Identity Center to give your SSO user administrative access to the Dev account.

Note: In a later step, using the AWS CLI, we will create a profile named lzm-dev to access your Dev account from your workstation.
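As a preview of that later step, here is the shape of the ~/.aws/config profile that consumes the SSO start URL noted above. This is an added example, not configuration from the LazyMagic project; the start URL, region, account ID (111122223333) and the permission-set name AdministratorAccess are placeholders and assumptions, to be replaced with the values from your own Identity Center setup.

```ini
# ~/.aws/config (added example; all values below are placeholders)

# Named profile the later LazyMagic steps refer to as lzm-dev.
[profile lzm-dev]
sso_session = lzm                     ; links to the [sso-session lzm] block below
sso_account_id = 111122223333         ; placeholder: your Dev account ID
sso_role_name = AdministratorAccess   ; assumed: the permission set granted in Identity Center
region = us-east-1                    ; placeholder: your working region
output = json

# Shared SSO session: the start URL is the one you noted when enabling Identity Center.
[sso-session lzm]
sso_start_url = https://d-0123456789.awsapps.com/start   ; placeholder
sso_region = us-east-1                                   ; placeholder: region where Identity Center is enabled
sso_registration_scopes = sso:account:access
```

With this in place, `aws sso login --profile lzm-dev` opens the browser-based sign-in and caches short-lived credentials for the session; `aws sts get-caller-identity --profile lzm-dev` then confirms that the returned Account is the Dev account and the assumed role is the AdministratorAccess permission set, which is the check to run before creating any resources. No long-lived access keys are stored on the workstation with this approach.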