11.2 Consolidated Billing

AWS Organizations

AWS Organizations is a relatively new topic that may or may not appear in the exam. AWS Organizations is an account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage. For example, you have a paying account, and all other accounts are linked to that paying account.

Available in two feature sets:

  • Consolidated Billing

  • All Features

Structure:

  • Root - root account (paying account), e.g. company level

  • OU - organizational units within the root account, e.g. department level (e.g. HR, Engineering, etc.)

  • AWS Account - you have multiple AWS accounts behind each OU, e.g. team level.

  • Policy - AWS Organizations allows you to apply policies either to individual organizational units or to the root account. A policy applied to the root account is adopted by all organizational units underneath it and by all AWS accounts underneath those OUs.

Consolidated Billing

This is a must-know topic for the exam. You can link accounts to one paying account, and you will receive one bill for your organization per month. You can break the bill down by linked account. In normal consolidated billing, all linked accounts are independent, and the paying account is also independent, so it cannot access the resources of the other accounts. Currently, there is a limit of 20 linked accounts for consolidated billing.

Advantages of consolidated billing:

  • One bill per AWS account

  • Very easy to track charges and allocate costs

  • Volume pricing discount (cheaper than paying individually)

Best practice:

  • Always enable multi-factor authentication on root account

  • Always use a strong and complex password on root account

  • The paying account should be used for billing purposes only. Do not deploy resources into the paying account.

Other things to note:

  • Linked Accounts

    • 20 linked accounts only

    • To add more: search "aws contact us aws account and billing"

  • Billing Alerts

    • When monitoring is enabled on the paying account, the billing data for all linked accounts is included.

  • CloudTrail

    • Enabled per AWS account and per region

    • You can still consolidate logs using an S3 bucket. How to do that:

      • Turn on CloudTrail in the paying account

      • Create a bucket policy that allows cross account access

      • Turn on CloudTrail in the other accounts and use the bucket in the paying account
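
The cross-account bucket policy from the CloudTrail steps above, as an added example that is not part of the original notes. It follows the usual shape of a bucket policy for CloudTrail log delivery from several accounts; the bucket name, account IDs and function names are constructed placeholders.

```python
import json
import re

ACCOUNT_ID = re.compile(r"\d{12}")

def cloudtrail_bucket_policy(bucket, account_ids):
    """Policy for the paying account's bucket: CloudTrail may write one prefix per account."""
    bad = [a for a in account_ids if not ACCOUNT_ID.fullmatch(a)]
    if bad:
        raise ValueError(f"not 12-digit account IDs: {bad}")
    arn = f"arn:aws:s3:::{bucket}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # CloudTrail reads the bucket ACL before it delivers logs
                "Sid": "AWSCloudTrailAclCheck",
                "Effect": "Allow",
                "Principal": {"Service": "cloudtrail.amazonaws.com"},
                "Action": "s3:GetBucketAcl",
                "Resource": arn,
            },
            {   # One write path per account, never a wildcard across accounts
                "Sid": "AWSCloudTrailWrite",
                "Effect": "Allow",
                "Principal": {"Service": "cloudtrail.amazonaws.com"},
                "Action": "s3:PutObject",
                "Resource": [f"{arn}/AWSLogs/{a}/*" for a in sorted(set(account_ids))],
                # Bucket owner (paying account) keeps full control of every log object
                "Condition": {"StringEquals": {"s3:x-amz-acl": "bucket-owner-full-control"}},
            },
        ],
    }

def writable_accounts(policy):
    """Account IDs granted s3:PutObject; '*' marks a path not scoped to one account."""
    found = set()
    for stmt in policy["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if stmt["Effect"] != "Allow" or "s3:PutObject" not in actions:
            continue
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        for r in resources:
            m = re.search(r"/AWSLogs/(\d{12})/\*$", r)
            found.add(m.group(1) if m else "*")
    return sorted(found)

if __name__ == "__main__":
    # Constructed sample values: placeholder bucket name and account IDs
    policy = cloudtrail_bucket_policy("example-org-cloudtrail-logs", ["111111111111", "222222222222"])
    print(json.dumps(policy, indent=2))
    print(writable_accounts(policy))
```

Running writable_accounts over the policy before attaching it shows which accounts can deliver logs and flags any write path that is not limited to a single account's prefix.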

Exam Tips:

  • Consolidated billing allows you to get volume discounts on all your accounts.

  • Unused reserved instances for EC2 are applied across the group.

  • CloudTrail is on a per-account and per-region basis but can be aggregated into a single bucket in the paying account.
