Objective:
Establish structured multi-account governance in AWS using AWS Organizations, enabling environment isolation, secure access, and centralized billing.
Summary:
- Set up an AWS Organization with multiple child accounts for different use cases: production, application testing, cloud lab, and external trainer access.
- Implemented Service Control Policies (SCPs) to restrict high-risk services and enforce compliance across accounts.
- Used consolidated billing to manage cloud costs efficiently across all child accounts.
- Assigned separate accounts for training sessions and terminal-based access to reduce impact on core environments.
- Ensured secure access delegation between accounts using IAM roles and permissions boundaries.
Key Highlights:
- Enabled secure isolation between environments (production, lab, trainer).
- Utilized SCPs for fine-grained policy enforcement.
- Streamlined billing and reporting with centralized account management.
Skills Demonstrated: AWS Organizations | SCPs | IAM Roles | Multi-Account Architecture | Consolidated Billing | Cloud Governance
Lab Status: Completed