AWS Organizations offers customers tools to effectively manage their AWS environment across multiple accounts. When integrated with other AWS services, AWS Organizations facilitates permissions management, resource sharing, governance, and centralized security oversight. Here’s an overview of the recent updates since the virtual 2020 re:Invent conference.
Utilize Attribute-Based Access Controls for Cross-Account Permissions
You can now tag your organization, organizational units (OUs), and policies. These tags enable you to create policies that grant customized access to tagged resources across various accounts. Additionally, you can develop policies to enforce specific tags at the time of resource creation.
Attribute-Based Access Control (ABAC) is an effective approach for managing permissions. For instance, if you operate several accounts for a particular project, such as a beta application, you can apply a shared tag to each account and implement an attribute-based access policy. This ensures that users can access all accounts that share the designated tag. As you add new accounts and tag them, users will automatically inherit the necessary permissions for those accounts.
For guidance on implementing these tagging enhancements, check out this blog post that simplifies permissions management at scale using tags in AWS Organizations.
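As an added example (not from the original post or the linked AWS blog), the identity policy below implements the pattern described above. It assumes accounts and OUs carry a `Project` tag and that each engineer's IAM principal carries a matching `Project` tag; the action list and tag key are this example's choices. The first statement scopes read access to Organizations resources whose tag matches the caller's, the second lets the caller create accounts only if they arrive with the same tag, and the third stops the caller from rewriting or removing the tag the whole scheme depends on.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadOnlyResourcesTaggedForMyProject",
      "Effect": "Allow",
      "Action": [
        "organizations:DescribeAccount",
        "organizations:DescribeOrganizationalUnit",
        "organizations:ListTagsForResource"
      ],
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:ResourceTag/Project": "${aws:PrincipalTag/Project}"
        }
      }
    },
    {
      "Sid": "CreateAccountsOnlyWithMyProjectTag",
      "Effect": "Allow",
      "Action": "organizations:CreateAccount",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:RequestTag/Project": "${aws:PrincipalTag/Project}"
        },
        "ForAllValues:StringEquals": {
          "aws:TagKeys": ["Project", "Environment"]
        }
      }
    },
    {
      "Sid": "NeverRewriteOrStripTheProjectTag",
      "Effect": "Deny",
      "Action": [
        "organizations:TagResource",
        "organizations:UntagResource"
      ],
      "Resource": "*",
      "Condition": {
        "ForAnyValue:StringEquals": {
          "aws:TagKeys": ["Project"]
        }
      }
    }
  ]
}
```

Actions that have no resource-level scoping, such as listing every account in the organization, cannot be narrowed by `aws:ResourceTag` and need their own statement; check each action's supported condition keys in the IAM Service Authorization Reference before relying on a tag condition.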
Centralized Management of Security Alerts and Recommendations
You can now leverage four new features that provide a unified view of security alerts, optimization suggestions, storage usage, and health events across your organization’s accounts.
Enhance your security posture with AWS Security Hub, which compiles all your AWS security alerts from various services into a single dashboard. Security Hub supports delegated administration, allowing you to assign a member account to monitor centralized security alerts and recommendations within your organization.
Additionally, you can now see AWS Trusted Advisor checks and recommendations across accounts in one organizational view. This feature assists your team in reducing costs, enhancing system performance, and addressing security vulnerabilities across organizational accounts.
The Amazon S3 Storage Lens feature offers a centralized overview of object storage utilization and activity trends across accounts. You can also evaluate recommendations for cost efficiency and storage optimization. Furthermore, an account in your organization can be designated to manage S3 Storage Lens on behalf of all accounts.
The AWS Personal Health Dashboard provides a comprehensive view of health events affecting your organization. This tool keeps you informed about maintenance events, security vulnerabilities, and service degradations that impact any account within your AWS organization.
Streamline Cloud Audits and Maintain Configuration Consistency
Conducting audits across multiple accounts typically requires considerable manual effort from various teams to ensure compliance with regulations and standards. AWS Audit Manager simplifies this process by helping you evaluate whether your policies, procedures, and activities align with established guidelines like HIPAA, GDPR, and PCI DSS. It can perform assessments across accounts and consolidate the findings in a single account. When audits are due, AWS Audit Manager can assist in managing stakeholder reviews and generating audit-ready reports.
AWS Config evaluates whether your resource configurations meet the compliance standards you define. It allows you to aggregate configuration and compliance data across AWS Regions and accounts into a designated aggregator account, giving one team the view it needs to track and drive required configuration changes.
Enhance Backup Security with Cross-Account Copies
You can now securely copy backups across accounts within your organization, adding an extra layer of protection for your data: a copy held in a separate account survives if the source account is compromised or its backups are deleted. This feature enables copying across accounts and AWS Regions, meeting security, compliance, and business continuity needs. For further details, visit this blog post.
Delegate Account Management for Stack Operations
Lastly, AWS CloudFormation StackSets now supports delegated administration, which was one of the most requested integrations of 2020. This tool simplifies the provisioning of permissions and resources to new accounts or the modification of roles across existing accounts in your organization. You can now assign up to five accounts to create or adjust stacks and apply them to accounts, organizational units (OUs), or across the entire organization.
If you’re unfamiliar with AWS Organizations, please visit the AWS Organizations page. For updates on future releases, check the “What’s New with AWS” and the Management and Governance blog.