AWS Cloud Practitioner: AWS Organizations & Consolidated Billing

In this short series, I outline the notes that I took while preparing for the AWS Cloud Practitioner exam.

These are my personal notes that I have made while working through the A Cloud Guru exam practitioner course. They are in no way official notes from AWS.

I would advise you that if you do use my notes to help you revise for this exam, that you use them as a supplement to the most recent information in the White Papers and Exam Guide, and go over your knowledge with practice exam papers.

Previous notes within this blog series:

AWS Organizations & Consolidated Billing

What is AWS Organisations?

  • An account management service that lets you consolidate multiple AWS accounts into an organisation that you create and centrally manage.
  • Available in two feature sets:
    • Consolidated billing only
    • All features (full access, including policies such as service control policies)
  • It is a global service
  • Accessed via the My Organization link in the account menu, not from the Services list
  • You can either invite existing accounts (by email address or AWS account ID) or create new accounts within your org
  • After adding accounts, you can create Organizational Units (OUs) and move accounts into them
  • After creating an OU, you can attach policies (service control policies, SCPs) to the OU and/or directly to individual accounts in the organisation
  • Note: an account that is already the management (master) account of its own organisation can’t be invited into another organisation

  • Root – the top of the organisation hierarchy; it contains every OU and account, and a policy attached here applies to all of them
  • OU – Organisational Unit – policies can be attached here and are inherited by the accounts and child OUs beneath it
  • AWS accounts – policies can be attached directly here as well
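The three levels above are not independent: a service control policy is a filter, and an action is only usable in a member account if it is allowed at the Root, at every OU on the path, and at the account itself, with an explicit Deny at any level winning. The following is an added example, not part of the original notes or of any AWS tooling, that models that evaluation for a constructed hierarchy. The OU names, account IDs and the PROD_GUARDRAILS and SANDBOX_ALLOWLIST policies are hypothetical; FullAWSAccess is the default SCP AWS attaches everywhere.

```python
"""SCP inheritance evaluator (added example, not from the original notes).

Models the Root -> OU -> account hierarchy. An action is permitted in an
account only if every level on the path (Root, each OU, the account) has an
attached SCP that allows it, and no level has one that denies it.
Hierarchy, account IDs and guardrail policies are constructed for illustration.
"""
from fnmatch import fnmatchcase

# The SCP AWS attaches to every root, OU and account by default.
FULL_AWS_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Hypothetical guardrail attached to the "Production" OU: keep CloudTrail on
# and stop accounts from leaving the organisation.
PROD_GUARDRAILS = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Deny",
         "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail"],
         "Resource": "*"},
        {"Effect": "Deny", "Action": "organizations:LeaveOrganization", "Resource": "*"},
    ],
}

# Hypothetical allow-list that replaces FullAWSAccess on the "Sandbox" OU.
SANDBOX_ALLOWLIST = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": ["ec2:*", "s3:*"], "Resource": "*"}],
}

# Constructed hierarchy: each level name -> SCPs attached at that level.
HIERARCHY = {
    "Root": [FULL_AWS_ACCESS],
    "Production": [FULL_AWS_ACCESS, PROD_GUARDRAILS],
    "Sandbox": [SANDBOX_ALLOWLIST],
    "111111111111": [FULL_AWS_ACCESS],  # account under Production
    "222222222222": [FULL_AWS_ACCESS],  # account under Sandbox
}
# Path from the Root down to each account.
PATHS = {
    "111111111111": ["Root", "Production", "111111111111"],
    "222222222222": ["Root", "Sandbox", "222222222222"],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _statement_matches(statement, action):
    # IAM action names match case-insensitively; '*' is the only wildcard used here.
    return any(fnmatchcase(action.lower(), pattern.lower())
               for pattern in _as_list(statement["Action"]))


def level_allows(policies, action):
    """True if the SCPs attached at one level permit `action`:
    some Allow statement must match and no Deny statement may match."""
    allowed = denied = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if _statement_matches(stmt, action):
                if stmt["Effect"] == "Deny":
                    denied = True
                else:
                    allowed = True
    return allowed and not denied


def blocking_level(account_id, action):
    """Name of the first level on the path that blocks `action`, or None if
    every level allows it (SCPs intersect along the path)."""
    for level in PATHS[account_id]:
        if not level_allows(HIERARCHY[level], action):
            return level
    return None


def action_permitted(account_id, action):
    return blocking_level(account_id, action) is None


if __name__ == "__main__":
    for acct, action in [("111111111111", "cloudtrail:StopLogging"),
                         ("222222222222", "iam:CreateUser"),
                         ("222222222222", "s3:PutObject")]:
        print(acct, action, "blocked at" if blocking_level(acct, action) else "permitted",
              blocking_level(acct, action) or "")
```

Two caveats a practitioner should keep in mind: an SCP never grants anything by itself (the identity still needs an IAM policy that allows the action), and the management (paying) account is not restricted by SCPs at all, which is one more reason to keep workloads out of it.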

How Consolidated Billing Works

  • By default an organisation can have 20 linked accounts. This is a soft limit: to add more, contact AWS Support.

Billing Alerts

  • When monitoring is enabled on the paying account, the billing data for all linked accounts is included.
  • You can still create billing alerts per individual account

Advantages of Consolidated Billing

  • One bill covering every account in the organisation
  • Very easy to track charges and allocate costs to each account
  • Volume pricing discounts are calculated on the combined usage of all accounts
  • Unused EC2 Reserved Instance discounts are shared across the accounts in the group

Best Practices with AWS Organisations

  • Always enable multi-factor authentication on the root user of the paying account and of every member account
  • Always use a strong, complex password for the root user
  • The paying (management) account should be used for billing purposes only. Do not deploy resources into it.

What is CloudTrail?

CloudWatch monitors performance and metrics, while CloudTrail records the API calls made against your AWS account: who created which resources and what changes were made to your AWS environment.

How to Use CloudTrail in AWS Organisations

  • CloudTrail is configured per AWS account (a trail can cover a single region or all regions),
  • but the logs can be consolidated into a single S3 bucket belonging to the paying account by:
    1. Turning on CloudTrail in the paying account and creating the log bucket there
    2. Attaching a bucket policy that allows the CloudTrail service to write each member account’s logs into that bucket (cross-account access)
    3. Turning on CloudTrail in the other accounts, pointing each trail at the bucket in the paying account
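Step 2 is where this setup usually goes wrong: the bucket policy has to let CloudTrail write, but nothing else, and only under each member account's own prefix. The following is an added example, not code from the original notes or from AWS, that generates the documented bucket-policy shape for a list of member accounts and audits an existing policy for the common mistakes (wildcard principal, writes allowed to the whole bucket, missing ownership condition). The bucket name and account IDs are constructed placeholders; the statement Sids are arbitrary labels.

```python
"""Cross-account CloudTrail log bucket policy (added example, not from the notes).

Builds the S3 bucket policy the paying account attaches to its log bucket so
that CloudTrail in each member account can deliver logs into it, plus a checker
that flags the mistakes that commonly turn a log bucket into an open bucket.
Bucket name and account IDs below are constructed placeholders.
"""
import json

CLOUDTRAIL_SERVICE = "cloudtrail.amazonaws.com"
REQUIRED_ACL = "bucket-owner-full-control"


def cloudtrail_bucket_policy(bucket, account_ids):
    """Policy shape AWS documents for CloudTrail delivery: the service may read
    the bucket ACL and may write only under AWSLogs/<account-id>/, and only with
    an ACL that hands ownership of each object to the bucket owner."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AWSCloudTrailAclCheck",
                "Effect": "Allow",
                "Principal": {"Service": CLOUDTRAIL_SERVICE},
                "Action": "s3:GetBucketAcl",
                "Resource": f"arn:aws:s3:::{bucket}",
            },
            {
                "Sid": "AWSCloudTrailWrite",
                "Effect": "Allow",
                "Principal": {"Service": CLOUDTRAIL_SERVICE},
                "Action": "s3:PutObject",
                # One prefix per member account; no account can write into another's.
                "Resource": [f"arn:aws:s3:::{bucket}/AWSLogs/{acct}/*" for acct in account_ids],
                "Condition": {"StringEquals": {"s3:x-amz-acl": REQUIRED_ACL}},
            },
        ],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit_policy(policy, bucket):
    """Return a list of problems found in `policy`; an empty list means the
    Allow statements are no broader than the documented CloudTrail pattern."""
    problems = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal")
        if principal == "*" or principal == {"AWS": "*"}:
            problems.append(f"{sid}: wildcard principal")
        elif principal != {"Service": CLOUDTRAIL_SERVICE}:
            problems.append(f"{sid}: principal is not the CloudTrail service")
        actions = _as_list(stmt.get("Action", []))
        for action in actions:
            if action not in ("s3:GetBucketAcl", "s3:PutObject"):
                problems.append(f"{sid}: unexpected action {action}")
        if "s3:PutObject" in actions:
            for res in _as_list(stmt.get("Resource", [])):
                if not res.startswith(f"arn:aws:s3:::{bucket}/AWSLogs/") or res.endswith("/AWSLogs/*"):
                    problems.append(f"{sid}: write not scoped to a per-account AWSLogs prefix: {res}")
            cond = stmt.get("Condition", {}).get("StringEquals", {})
            if cond.get("s3:x-amz-acl") != REQUIRED_ACL:
                problems.append(f"{sid}: missing {REQUIRED_ACL} condition")
    return problems


if __name__ == "__main__":
    # Constructed placeholders: the paying account's bucket and two member accounts.
    policy = cloudtrail_bucket_policy("org-cloudtrail-logs", ["111111111111", "222222222222"])
    print(json.dumps(policy, indent=2))
    print("problems:", audit_policy(policy, "org-cloudtrail-logs") or "none")
```

Save the printed document and apply it in the paying account with `aws s3api put-bucket-policy --bucket org-cloudtrail-logs --policy file://policy.json`; then in each member account run `aws cloudtrail create-trail --name org-trail --s3-bucket-name org-cloudtrail-logs --is-multi-region-trail` followed by `aws cloudtrail start-logging --name org-trail`. If a member account's ID is not in the PutObject resource list, its trail creation fails with an insufficient-permissions error rather than silently dropping logs. Two hardening points beyond the basic pattern: AWS also recommends an `aws:SourceArn` condition naming the expected trail ARN(s) so another account's CloudTrail cannot write into your prefixes, and an organisation trail created from the management account (with all features enabled) sets up delivery for every member account without per-account trails at all.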
