With more and more businesses relying on public clouds to run their IT infrastructure, managing these environments is becoming more of a challenge. With AWS, for example, a best practice is to use AWS accounts to segregate workloads and create security boundaries. By using multiple AWS accounts, you are essentially creating individual environments with their own access policies, user accounts, and storage environments. Although this provides some great benefits around security and other aspects, it also creates a headache for businesses that have to manage all these accounts. Whether it’s managing the billing for each individual account or applying standardized security policies, this kind of account sprawl is a major challenge for businesses to overcome.
Let’s take a look internally at Veeam as an example of this. As a member of Veeam’s product strategy group, my teammates and I spend a considerable amount of time testing products and working with customers and R&D on developing best practices and architecture recommendations. Every member of this team has, or has had, their own AWS account at one time or another. While this in itself is not a challenge, the billing aspect of it was. Imagine a scenario where every team member is expensing their own AWS account. As the group has 15 employees, that is 15 separate expense reports a manager must approve. With no centralized management, the manager must then also collate all the individual expense reports to understand what the group is spending per month. The scenario below shows this. This is not an ideal use of anyone’s time.
For this scenario, AWS offers a feature called AWS Organizations. AWS describes this capability as follows:
“AWS Organizations helps you centrally manage and govern your environment as you grow and scale your AWS resources. Using AWS Organizations, you can programmatically create new AWS accounts and allocate resources, group accounts to organize your workflows, apply policies to accounts or groups for governance, and simplify billing by using a single payment method for all of your accounts”.
The aspect that mattered for this particular use case was the simplified billing using a single payment method for all of the accounts. This allows us to create a single account to manage all the billing of the individual accounts, and also to create new accounts for new members joining without them having to worry about credit cards or expense policies.
Within this centralized billing account, we can now manage all these accounts through AWS Organizations. Whether we add existing AWS accounts or create new ones, we can manage everything centrally.
Once you have the central management account created and AWS Organizations set up, you can then apply budgets globally, define policies and even restrict access to specific services. For the purpose of this use case, all we wanted to achieve was consolidated billing.
With consolidated billing, you are able to manage and monitor each individual account’s spending. This is particularly useful in this use case where we want to manage spending centrally.
As you can see in the screenshots, being able to investigate individual account spending is particularly helpful when the use case is about consolidated spending for individual team members.
AWS Organizations provides a powerful way for businesses to manage multiple AWS accounts, whether they are used for individuals, for different environments such as production and dev/test, or as specific security boundaries to protect data. It provides the management capabilities needed for more complex AWS environments.