AWS Organizations Should Be Used
More Info:
Ensure that the AWS Organizations service is in use to gain central control over the use of AWS services across multiple AWS accounts (using Service Control Policies), which helps you comply with the security and compliance policies within your company. AWS Organizations is an account management tool that enables you to centralize multiple AWS accounts into an organization that you create and administer. AWS Organizations is available to all customers at no additional cost and has two main feature sets: Consolidated Billing features, which provide basic management tools that you can use to centrally manage all the accounts (master and member accounts) within your organization. With this feature set you get a combined view of the AWS charges incurred by all your accounts and can take advantage of pricing benefits from aggregated usage.
Risk Level
Medium
Address
Security
Compliance Standards
NIST
Remediation
How to make sure AWS Organizations is in use
Using AWS Console
- Open the AWS Management Console: Sign in to the AWS Management Console using your AWS account credentials.
- Navigate to AWS Organizations: Search for “Organizations” in the AWS Management Console search bar or find it in the services menu.
- Verify the organization’s existence: Once in the AWS Organizations console, check if there is an existing organization. If there is an organization present, it means AWS Organizations is in use. If not, you can create a new organization by following the prompts provided in the console.
- Review organization settings: Click on the organization name or ID to access the organization settings. Review the organization’s details, including the organizational units (OUs), accounts, and any policies or service control policies (SCPs) in place.
- Verify member accounts: Check if there are member accounts associated with the organization. Member accounts are AWS accounts that are part of the organization and are managed centrally.
- Review organization policies: Evaluate the organization’s policies and SCPs to ensure they align with your organization’s requirements. Policies can help enforce security, compliance, and governance controls across member accounts.
- Monitor organizational activities: Keep an eye on organizational activities, such as new account creations, member account activities, and the usage of AWS services within the organization. You can review the AWS Organizations console, CloudTrail logs, or enable AWS Config to monitor and track changes within the organization.
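The console checks above can also be scripted. The following is an added example, not part of the original rule: it classifies the responses of `describe-organization` and `list-roots`, and it also flags an organization that exists but runs with Consolidated Billing features only, where Service Control Policies cannot be used. The function names `evaluate` and `fetch_live` are hypothetical, and the sample responses are constructed.

```python
import json

# Constructed sample responses (not from a real account), shaped like the JSON
# returned by `aws organizations describe-organization` and `list-roots`.
SAMPLE_ORG = json.loads("""{"Organization": {"Id": "o-exampleorgid",
  "FeatureSet": "CONSOLIDATED_BILLING", "MasterAccountId": "111111111111"}}""")
SAMPLE_ROOTS = json.loads("""{"Roots": [{"Id": "r-examplerootid", "Name": "Root",
  "PolicyTypes": []}]}""")


def evaluate(describe_org, list_roots):
    """Return (status, findings). describe_org is None when the API raised
    AWSOrganizationsNotInUseException; list_roots is None when it could not be
    read (it needs the management or a delegated administrator account)."""
    if describe_org is None:
        return "FAIL", ["account is not a member of any AWS Organization"]
    findings = []
    feature_set = describe_org["Organization"].get("FeatureSet")
    if feature_set != "ALL":
        findings.append(f"feature set is {feature_set}; SCPs require ALL")
    if list_roots is None:
        findings.append("SCP status unknown: list-roots not readable from this account")
    elif not any(pt.get("Type") == "SERVICE_CONTROL_POLICY" and pt.get("Status") == "ENABLED"
                 for root in list_roots.get("Roots", [])
                 for pt in root.get("PolicyTypes", [])):
        findings.append("SERVICE_CONTROL_POLICY is not enabled on the root")
    return ("WARN" if findings else "PASS"), findings


def fetch_live():
    """Query the current account with boto3 (needs credentials and network)."""
    import boto3
    from botocore.exceptions import ClientError
    client = boto3.client("organizations")
    try:
        org = client.describe_organization()
    except client.exceptions.AWSOrganizationsNotInUseException:
        return None, None
    try:
        return org, client.list_roots()
    except ClientError:  # e.g. AccessDeniedException from a member account
        return org, None


if __name__ == "__main__":
    # Offline demo on the constructed sample; use evaluate(*fetch_live()) live.
    print(evaluate(SAMPLE_ORG, SAMPLE_ROOTS))
```

`FAIL` means the account is not in an organization at all; `WARN` means an organization exists but cannot yet enforce SCPs across member accounts.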