Identity and Access Management on AWS: Designing and Implementing an AWS Organization

This course will explain the proper use of multiple accounts in AWS and how to manage multiple accounts using the Organizations feature and Service Control Policies in AWS.
Course info
Level
Intermediate
Updated
Feb 26, 2019
Duration
2h 24m
Description

For small organizations, a single AWS account may be all that is required, but for many organizations, multiple accounts are a fact of life, whether for security, business/finance reasons, or due to mergers and acquisitions. Managing multiple accounts is a big challenge, but one for which AWS has provided tools. In this course, Identity and Access Management on AWS: Designing and Implementing an AWS Organization, you will gain the ability to manage multiple AWS accounts leveraging AWS tools and best practices. First, you will learn why multiple accounts may be needed, what the AWS Organizations feature is and how it can help in the management of those accounts, and the role of Organizational Units (OUs) in an Organization. Next, you will discover how to leverage Service Control Policies (SCPs) to gain finer-grained control over what IAM accounts can do within an AWS account. Finally, you will explore how to monitor an Organization, leverage Security Hub, and see how the Landing Zone concept can be used to deploy accounts according to best practices. When you’re finished with this course, you will have the skills and knowledge about AWS Organizations needed to effectively create, manage, and monitor multiple AWS accounts.

About the author

Brian is an energetic trainer and consultant with nearly 20 years of technical experience in datacenter management and design. As a virtualization instructor, Brian spends much of his time discussing the impact and intricacies of Software Defined Data Centers (SDDC), Software Defined Networking (SDN), and Software Defined Storage (SDS).

More from the author
More courses by Brian Eiler
Section Introduction Transcripts

Course Overview
If you've spent much time using Amazon Web Services, you probably have more than one AWS account. In this video series, I'll show you how to work with one of the newest, and arguably greatest, IAM services AWS has yet to offer, Organizations. You'll learn how to create an organization, and then begin joining your AWS accounts together to make both billing, as well as security policies a lot easier to manage. I'll show you how the organizational unit structure works, and then we'll dig into the world of security control policies, or SCPs, which help you tighten the security on your AWS accounts by limiting the actions users can perform. And finally, you'll learn some best practices around the setup and design of your AWS Organization as we introduce a tool called Landing Zone, which will help you create a structure that is both secure and flexible.