Introducing AWS Organizations

So far, we have been working out of a single AWS account that we use for development, testing, and production. Many organizations, however, end up with multiple AWS accounts for a variety of purposes, such as multiple environments, compliance issues, and so on. Each account gets governed and managed in its own way, with no centralized ownership or control.

AWS Organizations is a simple service that allows you to consolidate and manage multiple such AWS accounts all under one roof. It enables you to group AWS accounts into one or more collective organizations that you can create and manage as a whole.

Here's a quick look at some of AWS Organizations' key concepts and terminology:

  • Organizations: Organizations are consolidated views of all your AWS accounts in one place. Using organizations, you can centrally view and manage each of your AWS accounts under one roof. When you create an organization, you also choose a feature set that determines the type of organization you wish to create. There are two such feature sets, namely:
      • Consolidated billing: A key feature provided by AWS Organizations is the ability to view and consolidate each AWS account's billing under one organization. This feature is selected by default when you first create an organization and only provides you with the consolidated billing views. To leverage all of the advanced features of AWS Organizations, you will have to select the All features option.
      • All features: This feature set provides the full functionality of AWS Organizations, including consolidated billing and many other features that provide you with better control over your individual accounts. Using this feature set, you can restrict certain AWS services from accounts, modify access roles, and much more.
  • Root: The root is the primary container for all your individual accounts used within AWS. AWS Organizations automatically creates a default root element for you when you first create an organization. Any changes or policies applied at the root level propagate to its subsequent child elements as well.
  • Organizational Unit (OU): OUs are containers for one or more AWS accounts. You can branch multiple OUs from a single OU as well; however, the end of an OU is always an account. Here is a representational diagram depicting the interactions between an organization, the root element, OUs, and various AWS accounts:
  • Accounts: Accounts are standard AWS accounts that contain your AWS resources. When creating an organization, AWS marks the account from where the organization gets created as the master account. Any additional accounts added later to this organization are termed member accounts. The master account is responsible for overseeing the consolidated billing and payments for the rest of the member accounts, and is also used for inviting other AWS accounts into the organization, creating OUs, managing policies, and so on.
  • Service Control Policy (SCP): SCPs are essentially policies that are attached to roots, accounts, or OUs to specify the services and actions that the users of that particular account or OU can use. For example, you can use an SCP on an account that is created with HIPAA compliance in mind, where you want to restrict all users of this account to only HIPAA-compliant AWS services, and so on.
To learn more about HIPAA compliance and how it works with AWS, visit https://aws.amazon.com/compliance/hipaa-compliance/.

An important point to remember here is that SCPs only work when you have enabled the All features feature set while creating your organization.
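The following added example (not from the original text) models how SCPs attached at the root, an OU, and an account combine: an action passes only if no level on the path explicitly denies it and every level allows it. The organization layout, node names, and the service allow list are constructed for illustration, and the model ignores the Resource and Condition elements; SCPs only cap what IAM policies in the account can grant.

```python
from fnmatch import fnmatchcase

# Constructed sample organization: names and the service allow list are
# illustrative assumptions, not a real HIPAA-eligible service list.
FULL_ACCESS = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
ALLOW_LIST = {"Statement": [
    {"Effect": "Allow", "Action": ["s3:*", "ec2:*", "dynamodb:*"], "Resource": "*"}]}
DENY_LEAVE = {"Statement": [
    {"Effect": "Deny", "Action": "organizations:LeaveOrganization", "Resource": "*"}]}

# Each node lists its parent and the SCPs attached directly to it.
ORG = {
    "root":        {"parent": None,         "scps": [FULL_ACCESS, DENY_LEAVE]},
    "ou-health":   {"parent": "root",       "scps": [ALLOW_LIST]},
    "ou-sandbox":  {"parent": "root",       "scps": [FULL_ACCESS]},
    "acct-clinic": {"parent": "ou-health",  "scps": [FULL_ACCESS]},
    "acct-dev":    {"parent": "ou-sandbox", "scps": [FULL_ACCESS]},
}

def matches(statement, action):
    """True if the statement's Action patterns cover the requested action."""
    patterns = statement["Action"]
    if isinstance(patterns, str):
        patterns = [patterns]
    # Action names are case-insensitive; '*' is a wildcard.
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def statements_at(node, effect):
    """All statements with the given Effect attached directly to a node."""
    return [s for scp in ORG[node]["scps"] for s in scp["Statement"]
            if s["Effect"] == effect]

def scp_allows(account, action):
    """Return (allowed, reason) for an action requested in a member account."""
    path, node = [], account
    while node is not None:          # walk account -> OU(s) -> root
        path.append(node)
        node = ORG[node]["parent"]
    for level in path:               # an explicit Deny anywhere on the path wins
        if any(matches(s, action) for s in statements_at(level, "Deny")):
            return False, f"explicit Deny at {level}"
    for level in reversed(path):     # every level must also Allow the action
        if not any(matches(s, action) for s in statements_at(level, "Allow")):
            return False, f"no Allow at {level}"
    return True, "allowed at every level"
```

Note that the account-level SCP on `acct-clinic` allows everything, yet the allow list on its parent OU still filters out any service not on that list.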

With this basic information in hand, let us look at how you can get started with AWS Organizations using a few simple steps.
