Further Reading – Designing Networks for Complex Organizations – SAP-C02 Study Guide

Further Reading

You can check out the following links for more information about the topics that were covered in this chapter:

  • Hybrid Connectivity whitepaper: https://packt.link/QMK80
  • Building a Scalable and Secure Multi-VPC AWS Infrastructure whitepaper: https://packt.link/WQ8wS


Chapter 3 Designing a Multi-Account AWS Environment for Complex Organizations

Determining a strategy to deploy your resources across multiple Amazon Web Services (AWS) accounts is essential for governance purposes. This can bring benefits not just for billing but also for security and compliance purposes.

This chapter will explain how to organize your resources using multiple AWS accounts for your organization. We will discuss how to approach billing and resource isolation and how to increase security across an entire organization or individual business units (BUs). You will also examine the various services that AWS provides to assist you with that.

The following main topics will be covered in this chapter:

  • Deciding on resource and billing isolation
  • Establishing a billing strategy for multiple accounts
  • Introducing AWS Organizations
  • Setting up service control policies (SCPs)
  • Leveraging AWS Control Tower

The first section of this chapter will discuss the importance of selecting resources and billing isolation strategies.

Deciding on Resource and Billing Isolation

In the complex environment of cloud computing, managing resources efficiently is crucial. As businesses grow, they face the challenge of organizing resources across different projects, teams, and business units. This complexity is further compounded when it comes to billing, where visibility and accountability for cloud expenditure become paramount. The decision on how to isolate resources and manage billing has implications for governance, security, and operational efficiency.

The first decision that an organization needs to make when starting to use AWS is deciding how to organize its AWS resources. Although not crucial in the initial stages if you’re just experimenting and dipping your toes in the cloud, this decision becomes paramount for large organizations to avoid potentially painful refactoring later. AWS provides several structures to help you with that, such as AWS Organizations, organizational units (OUs), accounts, virtual private clouds (VPCs), and subnets.

Elements of Structure

Before going any further, review each of the elements that can be used to structure your AWS environment.

Organization

You may have noticed that the term organization has already been used a number of times in this chapter. It refers to a business entity, which could be an entire company or a portion of it. AWS also happens to provide an account management service called AWS Organizations (more on this later in this chapter, in the Introducing AWS Organizations section). In the scope of the AWS Organizations service, an organization represents the structure in which your AWS accounts are grouped.

To avoid any ambiguity, the type of organization (the business entity or the AWS resource) will be specified in this book.

OUs

When setting up your organization, AWS Organizations lets you define one or more OUs to help you manage your AWS accounts within your organization. An OU refers to a group of multiple AWS accounts and other OUs in a Region.
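Because OUs can contain both accounts and further OUs, an organization is a tree: the root at the top, OUs nested below it, and accounts as leaves. The following Python example, added here and not part of the study guide, models such a tree and walks it to answer two governance questions: which accounts sit anywhere beneath a given OU, and which OU path an account lives under. The tree is constructed data whose shape mirrors the responses of the real AWS Organizations API calls ListOrganizationalUnitsForParent and ListAccountsForParent; the root, OU and account IDs are placeholders in the documented formats, not real identifiers.

```python
"""Walk a constructed AWS Organizations tree (root -> OUs -> accounts).

Added example; the data below is constructed and the IDs are placeholders.
The two list_* helpers stand in for the boto3 calls
list_organizational_units_for_parent and list_accounts_for_parent, so the
walk logic could be pointed at a real organization by swapping them out.
"""
from typing import Dict, List, Optional, Tuple

# Constructed organization: each parent ID maps to its child OUs and accounts.
ORG_TREE: Dict[str, Dict[str, List[Dict[str, str]]]] = {
    "r-exampl": {
        "ous": [
            {"Id": "ou-exampl-infra000", "Name": "Infrastructure"},
            {"Id": "ou-exampl-workload", "Name": "Workloads"},
        ],
        "accounts": [{"Id": "111111111111", "Name": "management"}],
    },
    "ou-exampl-infra000": {
        "ous": [],
        "accounts": [
            {"Id": "222222222222", "Name": "log-archive"},
            {"Id": "333333333333", "Name": "security-tooling"},
        ],
    },
    "ou-exampl-workload": {
        "ous": [
            {"Id": "ou-exampl-prod0000", "Name": "Prod"},
            {"Id": "ou-exampl-dev00000", "Name": "Dev"},
        ],
        "accounts": [],
    },
    "ou-exampl-prod0000": {
        "ous": [],
        "accounts": [{"Id": "444444444444", "Name": "payments-prod"}],
    },
    "ou-exampl-dev00000": {
        "ous": [],
        "accounts": [{"Id": "555555555555", "Name": "payments-dev"}],
    },
}


def list_ous_for_parent(parent_id: str) -> List[Dict[str, str]]:
    """Child OUs of a root or OU (stand-in for the real API call)."""
    return ORG_TREE.get(parent_id, {}).get("ous", [])


def list_accounts_for_parent(parent_id: str) -> List[Dict[str, str]]:
    """Accounts directly attached to a root or OU (stand-in for the real API call)."""
    return ORG_TREE.get(parent_id, {}).get("accounts", [])


def accounts_under(
    parent_id: str, path: Tuple[str, ...] = ()
) -> List[Tuple[str, str, Tuple[str, ...]]]:
    """Return (account_id, account_name, ou_path) for every account nested
    anywhere below parent_id. Accounts attached directly to the parent are
    listed first, then each child OU is descended in order."""
    found = [(a["Id"], a["Name"], path) for a in list_accounts_for_parent(parent_id)]
    for ou in list_ous_for_parent(parent_id):
        found.extend(accounts_under(ou["Id"], path + (ou["Name"],)))
    return found


def ou_path_of(account_id: str, root_id: str = "r-exampl") -> Optional[Tuple[str, ...]]:
    """OU names from the root down to the account, () for an account attached
    directly to the root, or None if the account is not in the organization.
    Knowing this path matters for governance: policies attached to any OU on
    it apply to the account."""
    for acct_id, _name, path in accounts_under(root_id):
        if acct_id == account_id:
            return path
    return None


if __name__ == "__main__":
    for acct_id, name, path in accounts_under("r-exampl"):
        print(f"{acct_id}  {name:<18} /{'/'.join(path)}")
```

The walk is deliberately recursive because OU nesting depth is not fixed; auditing scripts that only look one level below the root silently miss accounts placed in nested OUs, which is exactly where production workloads usually end up.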