AWS Organizations
User Guide


AWS Services That You Can Use with AWS Organizations

AWS Organizations enables you to perform account management activities at scale by consolidating multiple AWS accounts into a single organization. Consolidating accounts into a single organization simplifies how you use other AWS services. You can leverage the multiaccount management services available in AWS Organizations with select AWS services to perform tasks on all accounts that are members of your organization.

The following table lists AWS services that you can use with AWS Organizations, and the benefit of using each service on an organization-wide level.

AWS Service | Benefits of Using with AWS Organizations

AWS Identity and Access Management – Helps you securely control access to AWS resources.

You can use service last accessed data in IAM to help you better understand AWS activity across your organization. You can use this data to create and update service control policies (SCPs) that restrict access to only the AWS services that your organization's accounts use.

For an example, see Using Data to Refine Permissions for an Organizational Unit in the IAM User Guide.

AWS Artifact – Enables you to download AWS security compliance reports such as ISO and PCI reports.

You can accept agreements on behalf of all accounts within your organization.

For information on using AWS Artifact with AWS Organizations, see AWS Artifact and AWS Organizations.

AWS CloudTrail – Helps you enable governance, compliance, and operational and risk auditing of your account.

A user in a master account can create an organization trail that logs all events for all accounts in that organization.

For information on using AWS CloudTrail with AWS Organizations, see AWS CloudTrail and AWS Organizations.

Amazon CloudWatch Events – Monitors your AWS resources and the applications you run on AWS in real time.

You can enable sharing of all CloudWatch Events across all accounts in your organization.

For more information, see Sending and Receiving Events Between AWS Accounts in the Amazon CloudWatch Events User Guide.

AWS Config – Enables you to assess, audit, and evaluate the configurations of your AWS resources.

You can get an organization-wide view of your compliance status. You can also use AWS Config APIs to manage AWS Config rules across all AWS accounts in your organization.

For information on using AWS Config with AWS Organizations, see AWS Config and AWS Organizations.

AWS Control Tower – Helps you set up and govern a secure, compliant, multiaccount AWS environment.

Using Control Tower lets you set up a landing zone, a multiaccount environment for all of your AWS resources. This environment includes an organization and organization entities. You can use this environment to enforce compliance regulations on all of your AWS accounts.

For more information, see How AWS Control Tower Works and Manage Accounts Through AWS Organizations in the AWS Control Tower User Guide.

AWS Directory Service – Makes it easy to set up and run directories in the AWS Cloud or connect your AWS resources with an existing on-premises Microsoft Active Directory.

Integrating AWS Directory Service with AWS Organizations enables seamless directory sharing across multiple accounts and any VPC in a Region.

For information on using AWS Directory Service with AWS Organizations, see AWS Directory Service and AWS Organizations.

AWS Firewall Manager – Centrally configures and manages firewall rules for web applications across your accounts and applications.

You can centrally configure and manage AWS WAF rules across accounts in your organization.

For information on using AWS Firewall Manager with AWS Organizations, see AWS Firewall Manager and AWS Organizations.

AWS License Manager – Streamlines the process of bringing software licenses to the cloud.

You can enable cross-account discovery of computing resources throughout your organization.

For information on using AWS License Manager with AWS Organizations, see AWS License Manager and AWS Organizations.

AWS RAM – Enables you to share specified AWS resources that you own with other accounts.

You can share resources within your organization without exchanging additional invitations.

Resources you can share include Route 53 Resolver rules, on-demand capacity reservations, and more. For information about sharing capacity reservations, see the Amazon EC2 User Guide for Linux Instances or the Amazon EC2 User Guide for Windows Instances. For a list of shareable resources, see Shareable Resources in the AWS RAM User Guide.

For information on using AWS RAM with AWS Organizations, see AWS RAM and AWS Organizations.

AWS Service Catalog – Enables you to create and manage catalogs of IT services that are approved for use on AWS.

You can share portfolios and copy products across accounts more easily, without sharing portfolio IDs.

For information on using AWS Service Catalog with AWS Organizations, see AWS Service Catalog and AWS Organizations.

Service Quotas – Enables you to view and manage your service quotas, also referred to as limits, from a central location.

You can create a quota request template to automatically request a quota increase when accounts in your organization are created.

For information on using Service Quotas with AWS Organizations, see Service Quotas and AWS Organizations.

AWS Single Sign-On – Provides single sign-on services for all of your accounts and cloud applications.

Users can sign in to the AWS SSO user portal with their corporate credentials and access resources in their assigned accounts, regardless of whether the account is a master or member account.

For information on using AWS Single Sign-On with AWS Organizations, see AWS Single Sign-On and AWS Organizations.

For more information about enabling trusted access to AWS Organizations, see Enabling Trusted Access with Other AWS Services.