Description:
AWS Organizations is an account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage. AWS Organizations includes account management and consolidated billing capabilities that enable you to better meet the budgetary, security, and compliance needs of your business. As an administrator of an organization, you can create accounts in your organization and invite existing accounts to join the organization.
Rationale:
An organization is an entity that you create to consolidate your AWS accounts so that you can administer them as a single unit. You can use the AWS Organizations console to centrally view and manage all of the accounts within your organization. An organization has exactly one management account along with zero or more member accounts. You can organize the accounts in a hierarchical, tree-like structure with a root at the top and organizational units (OUs) nested under the root. Each account can sit directly in the root or in one of the OUs in the hierarchy. An account that is not part of an organization cannot be governed centrally: no organization-level policies apply to it, and it must be billed and audited on its own.
Impact:
AWS Organizations helps you centrally manage and govern your environment as you grow and scale your AWS resources. Using AWS Organizations, you can programmatically create new AWS accounts and allocate resources, group accounts to organize your workflows, apply policies to accounts or groups for governance, and simplify billing by using a single payment method for all of your accounts.
Default Value:
By default, an AWS account is not part of any organization.
Audit:
Sign in to the AWS Management Console.
Go to the AWS Organizations home page at https://console.aws.amazon.com/organizations
If the page shows that this account belongs to an organization (the organization ID and the management account are displayed), the account is a member of AWS Organizations.
If those details are not shown, the account is standalone; follow the implementation steps in the Remediation section.
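The same audit from the command line, as an added example that is not part of the benchmark page. It relies on the AWS CLI call `aws organizations describe-organization`, which succeeds only when the calling account belongs to an organization and otherwise fails with AWSOrganizationsNotInUseException. The script also distinguishes the management account from an ordinary member by comparing the MasterAccountId in the response with the caller's own account ID (from `aws sts get-caller-identity`), and it treats AccessDeniedException as an inconclusive result rather than as "not a member", since a missing organizations:DescribeOrganization permission says nothing about membership. The JSON and error strings embedded below are constructed samples in the CLI's output format; the account IDs and organization ID in them are placeholders.

```shell
#!/bin/sh
# Added example (not from the benchmark page). Audits whether the calling
# AWS account is part of an organization, using the AWS CLI v2.

# classify_describe_output OUTPUT
#   Classifies the combined stdout+stderr of
#   `aws organizations describe-organization`.
#   Prints MEMBER, NOT_MEMBER, ACCESS_DENIED or UNKNOWN.
classify_describe_output() {
  case "$1" in
    *AWSOrganizationsNotInUseException*) echo NOT_MEMBER ;;
    *AccessDeniedException*)             echo ACCESS_DENIED ;;
    *'"MasterAccountId"'*)               echo MEMBER ;;
    *)                                   echo UNKNOWN ;;
  esac
}

# management_account_id OUTPUT
#   Extracts the 12-digit MasterAccountId from a successful
#   describe-organization response (the management account's ID).
management_account_id() {
  printf '%s\n' "$1" \
    | sed -n 's/.*"MasterAccountId": *"\([0-9]\{12\}\)".*/\1/p' \
    | head -n 1
}

# role_in_org OUTPUT CALLER_ACCOUNT_ID
#   Prints MANAGEMENT when the caller is the management account, MEMBER when
#   it is an ordinary member, otherwise the classification above.
role_in_org() {
  status=$(classify_describe_output "$1")
  if [ "$status" = MEMBER ]; then
    if [ "$(management_account_id "$1")" = "$2" ]; then
      echo MANAGEMENT
    else
      echo MEMBER
    fi
  else
    echo "$status"
  fi
}

# audit_organization: live check against the configured AWS credentials.
audit_organization() {
  caller=$(aws sts get-caller-identity --query Account --output text 2>/dev/null) || caller=""
  out=$(aws organizations describe-organization 2>&1)
  echo "account ${caller:-unknown}: $(role_in_org "$out" "$caller")"
}

# Constructed sample outputs (placeholder IDs), in the CLI's format.
SAMPLE_MEMBER='{
  "Organization": {
    "Id": "o-exampleorgid",
    "Arn": "arn:aws:organizations::111111111111:organization/o-exampleorgid",
    "FeatureSet": "ALL",
    "MasterAccountArn": "arn:aws:organizations::111111111111:account/o-exampleorgid/111111111111",
    "MasterAccountId": "111111111111",
    "MasterAccountEmail": "admin@example.com"
  }
}'
SAMPLE_NOT_MEMBER='An error occurred (AWSOrganizationsNotInUseException) when calling the DescribeOrganization operation: Your account is not a member of an organization.'
SAMPLE_DENIED='An error occurred (AccessDeniedException) when calling the DescribeOrganization operation: User: arn:aws:iam::222222222222:user/auditor is not authorized to perform: organizations:DescribeOrganization'

# Offline demonstration on the samples, then a live audit if the CLI exists.
echo "sample as management account: $(role_in_org "$SAMPLE_MEMBER" 111111111111)"
echo "sample as member account:     $(role_in_org "$SAMPLE_MEMBER" 222222222222)"
echo "sample standalone account:    $(role_in_org "$SAMPLE_NOT_MEMBER" 222222222222)"
echo "sample without permission:    $(role_in_org "$SAMPLE_DENIED" 222222222222)"
if command -v aws >/dev/null 2>&1; then
  audit_organization
fi
```

Run it with credentials for the account under audit; a result of NOT_MEMBER is the finding this control is about, while ACCESS_DENIED means the audit identity needs organizations:DescribeOrganization before a conclusion can be drawn.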
Remediation:
Pre-Requisite:
Create the organization in the account that you want to use as the management account. That account gains the ability to apply policies to every member account, so keep it under strict access control and do not run workloads in it.
Implementation Steps
Sign in to the AWS Management Console.
Go to the AWS Organizations home page at https://console.aws.amazon.com/organizations
Click on Create an organization
This creates an organization and automatically adds the current account to it as the management account.
To invite an existing AWS account to join your organization, click AWS Accounts and select Add an AWS account from the top menu of the dashboard.
Select Invite an existing AWS account. (You can also create a new account from within Organizations by selecting Create an AWS account.)
Note: You must first verify the management account's email address before you can invite AWS accounts to join your organization.
Enter the Email address or account ID of the AWS account you want to invite
Note: You can add multiple accounts at a time by clicking on Add another.
Optional: You can include a message in the invitation email that you want to say.
Click on Send invitation
An invitation will be sent to the AWS account you specified (i.e., the account you want to add).
Sign in to the account that you want to add
Go to the AWS Organizations at https://console.aws.amazon.com/organizations
Click on Invitations in the left navigation pane
The invitation sent from the management account (formerly called the master account) is listed there; click Accept Invitation.
Backout plan:
If a member account needs to leave the organization, sign in to that member account, go to the AWS Organizations home page at https://console.aws.amazon.com/organizations and choose Leave organization. The account must already have the information required to operate as a standalone account (valid contact details and payment method). The management account cannot leave; to dissolve the organization entirely, remove all member accounts first and then delete the organization from the management account.
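The implementation steps and the backout plan above as AWS CLI calls, added here as an example that is not part of the benchmark page. It assumes AWS CLI v2 with credentials for the management account (for create and invite) and for the invited account (for listing, accepting and leaving); the account ID, email address and handshake ID used in the demonstration are placeholders. The console accepts either an account ID or an email address when inviting, so invite_target maps that input onto the --target shorthand the CLI expects, and the two validators reject malformed IDs before any API call is made.

```shell
#!/bin/sh
# Added example (not from the benchmark page): join an account to an
# organization with the AWS CLI v2. Requires the management account's email
# to be verified before invitations can be sent.

# valid_account_id ID: AWS account IDs are exactly 12 digits.
valid_account_id() {
  case "$1" in
    [0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]) return 0 ;;
    *) return 1 ;;
  esac
}

# valid_handshake_id ID: invitation (handshake) IDs are "h-" plus lowercase
# alphanumerics.
valid_handshake_id() {
  case "$1" in
    h-[0-9a-z]*) return 0 ;;
    *) return 1 ;;
  esac
}

# invite_target VALUE: map an account ID or an email address onto the
# --target shorthand; fails on anything else.
invite_target() {
  if valid_account_id "$1"; then
    echo "Id=$1,Type=ACCOUNT"
  else
    case "$1" in
      *@*) echo "Id=$1,Type=EMAIL" ;;
      *)   echo "not an account ID or email: $1" >&2; return 1 ;;
    esac
  fi
}

# Step 1 (management account): create the organization with all features
# enabled, which is what allows policies to be applied to member accounts
# rather than consolidated billing only.
create_organization() {
  aws organizations create-organization --feature-set ALL
}

# Step 2 (management account): invite an existing account, with an optional
# message that appears in the invitation email.
invite_account() {
  target=$(invite_target "$1") || return 1
  aws organizations invite-account-to-organization \
    --target "$target" \
    --notes "${2:-Please join our organization}"
}

# Step 3 (invited account): list open invitations addressed to this account.
pending_invitation_ids() {
  aws organizations list-handshakes-for-account \
    --query 'Handshakes[?State==`OPEN` && Action==`INVITE`].Id' \
    --output text
}

# Step 4 (invited account): accept one invitation by handshake ID.
accept_invitation() {
  valid_handshake_id "$1" || { echo "invalid handshake id: $1" >&2; return 1; }
  aws organizations accept-handshake --handshake-id "$1"
}

# Backout (member account only; the management account cannot leave).
leave_organization() {
  aws organizations leave-organization
}

# Offline demonstration of the input mapping with placeholder values.
echo "target for account ID: $(invite_target 123456789012)"
echo "target for email:      $(invite_target admin@example.com)"
if valid_handshake_id h-examplehandshakeid; then
  echo "h-examplehandshakeid is a well-formed handshake ID"
fi
```

Typical use: run create_organization once in the management account, invite_account for each account to bring in, then, with credentials for the invited account, accept_invitation on each ID returned by pending_invitation_ids.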
Reference:
https://aws.amazon.com/organizations/
Inviting an AWS account to join your organization - AWS Organizations: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_invites.html