Could you please explain to me the difference between AWS Organizations OU vs IAM Group? Thanks in advance.
An IAM Group is a way to place certain IAM users with a specific set of policies (permissions) to access certain resources, e.g. EC2, S3, etc. However, AWS Organizations OUs are a way to manage multiple AWS accounts and apply specific policies to the group of accounts. So, these 2 are very different things and they achieve very different results. Some organizations can have 20, 30 or more AWS accounts, so managing them is best done by placing them in Organizational Units (OUs) to simplify management.
@carotech1973 But why do you need multiple accounts in the first place? Seems like you could just replace OUs with IAM user groups, as Phong was probably suggesting.
@samlaf92 If you have different organisational groups, e.g. Finance and Data areas of the business, they have different budgets and may want to pay for different levels of support, infra, etc., all within their own budget constraints, so it makes sense to do that with their own respective accounts using their own standards.
@RationalCreed Totally agree. But even that you can solve by tagging every piece of infrastructure that you spin up with its department and then looking at budget spending per department, all within the confines of a single account.
@samlaf92 That is what I'm thinking too...
Are there any videos that explain how to do any of this?
You need to set up an organization in your master account, and then you can invite other AWS accounts to join your organization, or you can create new accounts that will be part of your organization. Again, this is all great when you need to manage multiple AWS accounts. Some companies have multiple accounts for billing purposes, so they can bill different departments for AWS services. For example, 1 AWS account for IT, 1 for HR, 1 for Accounting, etc.
Cool!
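The distinction drawn in the thread above (an IAM group grants permissions to users inside one account; an SCP attached to an OU caps what every account under that OU can do, the member account's root user included, and never restricts the management account) modelled as a small policy evaluator. This is an added example, not AWS code and not something posted in the thread: the evaluation rules are a simplified version of AWS's documented logic, and the account IDs, OU names, group names, users and policies are invented for the demonstration.

```python
"""Toy model of IAM group policies (inside one account) versus SCPs on Organizations OUs.

Added illustration, not AWS code. Simplified rules modelled here:
  - an explicit Deny in any applicable policy wins;
  - SCPs are guardrails: every level from the root down to the account must Allow;
  - the management account is never restricted by SCPs;
  - a member account's root user ignores IAM policies but is still bound by SCPs.
All account IDs, OU names, users and policies below are invented.
"""
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from typing import Dict, List, Optional


@dataclass
class Statement:
    effect: str          # "Allow" or "Deny"
    actions: List[str]   # IAM action patterns, e.g. ["s3:*", "ec2:Describe*"]

    def matches(self, action: str) -> bool:
        return any(fnmatchcase(action, pattern) for pattern in self.actions)


Policy = List[Statement]


def evaluate(policies: List[Policy], action: str) -> str:
    """Return "Deny", "Allow" or "Implicit" (no statement matched)."""
    decision = "Implicit"
    for policy in policies:
        for stmt in policy:
            if stmt.matches(action):
                if stmt.effect == "Deny":
                    return "Deny"   # explicit deny always wins
                decision = "Allow"
    return decision


@dataclass
class OrgNode:
    name: str
    scps: List[Policy] = field(default_factory=list)   # SCPs attached at this node
    parent: Optional["OrgNode"] = None


@dataclass
class Account(OrgNode):
    is_management: bool = False
    groups: Dict[str, Policy] = field(default_factory=dict)    # IAM group -> its policy
    users: Dict[str, List[str]] = field(default_factory=dict)  # IAM user -> group names


def scp_path(account: Account) -> List[OrgNode]:
    """Root, then each OU, then the account itself."""
    path, node = [], account
    while node is not None:
        path.append(node)
        node = node.parent
    return list(reversed(path))


def scps_allow(account: Account, action: str) -> bool:
    if account.is_management:
        return True  # SCPs do not apply to the management account
    return all(evaluate(n.scps, action) == "Allow" for n in scp_path(account))


def identity_allows(account: Account, user: str, action: str) -> bool:
    if user == "root":
        return True  # the account root user is not limited by IAM policies
    group_policies = [account.groups[g] for g in account.users[user]]
    return evaluate(group_policies, action) == "Allow"


def is_allowed(account: Account, user: str, action: str) -> bool:
    return scps_allow(account, action) and identity_allows(account, user, action)


# Invented policies (FullAWSAccess mirrors the default SCP's shape: Allow "*").
FULL_AWS_ACCESS = [Statement("Allow", ["*"])]
DENY_STOP_TRAIL = [Statement("Deny", ["cloudtrail:StopLogging"])]
DENY_LEAVE_ORG = [Statement("Deny", ["organizations:LeaveOrganization"])]
SANDBOX_ONLY = [Statement("Allow", ["ec2:*", "s3:*"])]   # allow-list, no FullAWSAccess
ADMIN = [Statement("Allow", ["*"])]
READ_S3 = [Statement("Allow", ["s3:Get*", "s3:List*"])]


def build_org() -> Dict[str, Account]:
    """Invented organization: Root -> {Workloads -> hr, Sandbox -> sandbox-dev}."""
    root = OrgNode("Root", scps=[FULL_AWS_ACCESS, DENY_STOP_TRAIL])
    workloads = OrgNode("Workloads", scps=[FULL_AWS_ACCESS, DENY_LEAVE_ORG], parent=root)
    sandbox = OrgNode("Sandbox", scps=[SANDBOX_ONLY], parent=root)
    return {
        "management": Account("000000000000", scps=[FULL_AWS_ACCESS], parent=root,
                              is_management=True, groups={"Admins": ADMIN},
                              users={"mgmt-admin": ["Admins"]}),
        "hr": Account("111111111111", scps=[FULL_AWS_ACCESS], parent=workloads,
                      groups={"Admins": ADMIN, "Readers": READ_S3},
                      users={"alice": ["Admins"], "carol": ["Readers"]}),
        "sandbox-dev": Account("222222222222", scps=[FULL_AWS_ACCESS], parent=sandbox,
                               groups={"Admins": ADMIN}, users={"bob": ["Admins"]}),
    }


def demo() -> Dict[str, bool]:
    org = build_org()
    hr, sb, mgmt = org["hr"], org["sandbox-dev"], org["management"]
    return {
        "hr alice s3:PutObject": is_allowed(hr, "alice", "s3:PutObject"),
        "hr alice organizations:LeaveOrganization": is_allowed(hr, "alice", "organizations:LeaveOrganization"),
        "hr root organizations:LeaveOrganization": is_allowed(hr, "root", "organizations:LeaveOrganization"),
        "hr alice cloudtrail:StopLogging": is_allowed(hr, "alice", "cloudtrail:StopLogging"),
        "hr carol s3:GetObject": is_allowed(hr, "carol", "s3:GetObject"),
        "hr carol s3:PutObject": is_allowed(hr, "carol", "s3:PutObject"),
        "sandbox bob ec2:RunInstances": is_allowed(sb, "bob", "ec2:RunInstances"),
        "sandbox bob iam:CreateUser": is_allowed(sb, "bob", "iam:CreateUser"),
        "management mgmt-admin cloudtrail:StopLogging": is_allowed(mgmt, "mgmt-admin", "cloudtrail:StopLogging"),
    }


if __name__ == "__main__":
    for request, allowed in demo().items():
        print(f"{'ALLOW' if allowed else 'DENY ':5} {request}")
```

Two points the output makes that a single-account IAM group cannot: the hr account's admin and even its root user are blocked from leaving the organization and from stopping CloudTrail because the deny sits in an SCP above the account, and the sandbox account's admin cannot create IAM users because the Sandbox OU's SCP never allows it. The last line is the caveat: the same StopLogging guardrail does nothing in the management account, which is why that account should hold no workloads.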