Organizing Accounts into OUs – Designing a Multi-Account AWS Environment for Complex Organizations – SAP-C02 Study Guide

Organizing Accounts into OUs

AWS Organizations also offers the possibility to organize your AWS accounts in a logical and hierarchical structure that best reflects your own internal organizational structure. This can be done by creating OUs that follow the structural model of your choice.

Consider the following examples of different structures.

In Figure 3.3, the account structure is modeled to match the organization’s own hierarchical structure. At the top of the diagram is the root node. This represents the overarching entity, which is the organization itself. From here, the branches extend, shaping the entire structure. Underneath the root node are the business units (BU1, BU2, and BU3). These could represent a department, team, or functional area. Under BU1, we have ProjectA, which is an initiative with defined goals. It could involve product development, process improvement, or strategic planning. The project has two stages: Non-Prod, which suggests a non-production stage such as planning or testing, and Prod, which is the live environment where the final work is carried out.

Figure 3.3: BU style

In Figure 3.4, the structural backbone is driven by the various environments used to deploy the applications, such as development (dev), testing, user acceptance testing (UAT), or production:

Figure 3.4: Environment style

In Figure 3.5, the driving structural element is the project. Every OU below the root maps to a project and contains the accounts bound to that project:

Figure 3.5: Project style

Which account structure would you rather choose? There is no single correct answer to that question. Some organizations are more comfortable with an account structure that reflects their own organization hierarchy (that is, BU style), while others prefer to adopt a structure driven by environments (environment style), by projects (project style), or a combination of these. Currently, AWS allows you to have up to five levels of hierarchy in an organizational structure, and no more. This should be sufficient in most cases, but take it into account when planning your account structure, as it could be a limiting factor.
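The depth limit can be checked against a planned hierarchy before any OU is created. The following is an added example, not code from the study guide: it walks a nested-dict plan modeled on the BU style of Figure 3.3, returns the OUs in parent-first creation order, and flags any path that exceeds the limit. The plan format and the function names are hypothetical, and the limit is assumed to count OU levels nested below the root.

```python
# Added example: validate a planned OU hierarchy against the nesting limit.
# Assumption: the limit counts OU levels below the root (root itself is level 0).
MAX_OU_DEPTH = 5

# Constructed plan mirroring Figure 3.3 (BU style); only BU1 is detailed there.
BU_STYLE_PLAN = {
    "BU1": {"ProjectA": {"Non-Prod": {}, "Prod": {}}},
    "BU2": {},
    "BU3": {},
}


def walk(plan, parent="Root", depth=1):
    """Yield (path, depth) for every OU, each parent before its children."""
    for name, children in plan.items():
        path = f"{parent}/{name}"
        yield path, depth
        yield from walk(children, path, depth + 1)


def check_plan(plan, limit=MAX_OU_DEPTH):
    """Return (creation_order, violations) for a nested-dict OU plan.

    creation_order lists OU paths that fit within the limit, parent-first,
    which is the order in which they would have to be created.
    violations lists (path, depth) pairs nested deeper than the limit.
    """
    order, violations = [], []
    for path, depth in walk(plan):
        if depth > limit:
            violations.append((path, depth))
        else:
            order.append(path)
    return order, violations


def deepest_level(plan):
    """Deepest OU level the plan uses (0 for an empty plan)."""
    return max((depth for _, depth in walk(plan)), default=0)


if __name__ == "__main__":
    order, violations = check_plan(BU_STYLE_PLAN)
    print(f"deepest OU level: {deepest_level(BU_STYLE_PLAN)} of {MAX_OU_DEPTH}")
    for path in order:
        print("create:", path)
    for path, depth in violations:
        print(f"too deep (level {depth}): {path}")
```

The BU-style plan uses three of the five levels, which leaves room for two further levels, for example when combining styles.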

Now that you have seen how to organize and isolate your resources on AWS, investigated billing, and discovered what AWS Organizations can do for you, you are ready to dive deeper into SCPs.