AWS Vs Azure Vs GCP Account Organization
Hello Everyone
Welcome to CloudAffaire and this is Debjeet.
In the last blog post, we discussed the differences between AWS, Azure and GCP global infrastructure.
https://cloudaffaire.com/aws-vs-azure-vs-gcp-global-infrastructure/
In this blog post, we will discuss AWS vs Azure vs GCP account organization.
When you create a free tier account with a public cloud provider, you only need to provide an email id to uniquely identify your account, plus your billing details. This works as long as you are working with a single account. But when you want to combine multiple accounts according to a strategy such as business unit, application, environment, etc., you need a way to organize those accounts. The organization is the feature provided by the public cloud provider to organize the different accounts or projects of your company.
AWS:
In AWS, Organizations is an account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage. AWS Organizations includes account management and consolidated billing capabilities that enable you to better meet the budgetary, security, and compliance needs of your business. As an administrator of an organization, you can create accounts in your organization and invite existing accounts to join the organization.
AWS Organizations: AWS Organizations is an account management service that enables you to consolidate multiple AWS accounts into an organization that you create and centrally manage.
Root: The parent container for all the accounts for your organization.
Organization unit (OU): A container for accounts within a root. An OU also can contain other OUs, enabling you to create a hierarchy that resembles an upside-down tree.
Account: A standard AWS account that contains your AWS resources.
- Management Account: The management account has the responsibilities of a payer account and is responsible for paying all charges that are accrued by the member accounts.
- Member Account: The rest of the accounts that belong to an organization are called member accounts.
Policy: You can apply a policy at the root level or at the organizational unit level, and the policy is inherited by every account under that root or OU.
- Service control policy (SCP): A policy that specifies the services and actions that users and roles can use in the accounts that the SCP affects.
- Artificial intelligence (AI) services opt-out policy: A type of policy that helps you standardize your opt-out settings for AWS AI services across all of the accounts in your organization.
- Backup policy: A type of policy that helps you standardize and implement a backup strategy for the resources across all of the accounts in your organization.
- Tag policy: A type of policy that helps you standardize tags across resources across all of the accounts in your organization.
Resource Access Manager (RAM): Some resources, or features of a resource, can be shared with member accounts from the management account or from other member accounts using Resource Access Manager (RAM).
Azure:
In Azure, you organize subscriptions into containers called “management groups” and apply your governance conditions to the management groups. All subscriptions within a management group automatically inherit the conditions applied to the management group. Management groups give you enterprise-grade management at a large scale no matter what type of subscriptions you might have. All subscriptions within a single management group must trust the same Azure Active Directory tenant.
Azure Organization: An organization represents a business entity that is using Microsoft cloud offerings, typically identified by one or more public Domain Name System (DNS) domain names, such as contoso.com. The organization is a container for subscriptions.
Management Groups: Logical containers that you use for one or more subscriptions. You can define a hierarchy of management groups, subscriptions, resource groups, and resources to efficiently manage access, policies, and compliance through inheritance.
Root: The root management group is built into the hierarchy to have all management groups and subscriptions fold up to it.
Subscription: A logical container for your resources. Each Azure resource is associated with only one subscription.
Account: The email address that you provide when you create an Azure subscription is the Azure account for the subscription. You can use the same Azure account (email address) for multiple subscriptions. Each subscription is associated with only one Azure account.
Resource groups: Logical containers that you use to group related resources in a subscription. Each resource can exist in only one resource group.
Azure Active Directory (Azure AD): The Microsoft cloud-based identity and access management service. Azure AD allows your employees to sign in and access resources.
Azure AD tenant: A dedicated and trusted instance of Azure AD. An Azure AD tenant is automatically created when your organization first signs up for a Microsoft cloud service subscription like Microsoft Azure, Intune, or Microsoft 365. An Azure tenant represents a single organization.
Azure AD directory: Each Azure AD tenant has a single, dedicated, and trusted directory. The directory includes the tenant’s users, groups, and applications. The directory is used to perform identity and access management functions for tenant resources. A directory can be associated with multiple subscriptions, but each subscription is associated with only one directory.
Azure Storage Account: An Azure storage account contains all of your Azure Storage data objects: blobs, files, queues, tables, and disks. The storage account provides a unique namespace for your Azure Storage data that is accessible from anywhere in the world.
GCP:
In GCP, the Organization resource represents an organization (for example, a company) and is the root node in the Google Cloud resource hierarchy. The Organization resource is the hierarchical ancestor of project resources and Folders. The IAM access control policies applied on the Organization resource apply throughout the hierarchy on all resources in the organization.
Domain: Domain is the primary identity of your organization and establishes your company’s identity with Google services, including Google Cloud. You use the domain to manage the users in your organization. At the domain level, you define which users should be associated with your organization when using Google Cloud.
Organization: The Organization resource represents an organization (for example, a company) and is the root node in the Google Cloud resource hierarchy. The Organization resource is the hierarchical ancestor of project resources and Folders.
Folder: Folder resources provide an additional grouping mechanism and isolation boundaries between projects. They can be seen as sub-organizations within the Organization.
Project: The project resource is the base-level organizing entity. Organizations and folders may contain multiple projects. A project is required to use Google Cloud, and forms the basis for creating, enabling, and using all Google Cloud services, managing APIs, enabling billing, adding and removing collaborators, and managing permissions.
Billing Account: A billing account is set up in Google Cloud and is used to define who pays for a given set of Google Cloud resources. Access control to a billing account is established by Cloud Identity and Access Management (IAM) roles. A billing account is connected to a Google payments profile that includes a payment instrument to which costs are charged.
Payments Profile: A Google-level resource managed at payments.google.com. It connects to all of your Google services (such as Google Ads, Google Cloud, and Fi phone service), processes payments for all Google services (not just Google Cloud), and stores information such as the name, address, and tax ID (when legally required) of whoever is responsible for the profile.
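The inheritance rules described above for AWS policies (root to OU to account) and for GCP IAM policies (organization to folder to project) combine in opposite directions, which is the point that matters when reviewing an account structure for security. The following is an added example, not code from this post, AWS or Google; all account ids, OU names, actions, roles and members in it are constructed.

```python
# Added example (not code from the CloudAffaire post, AWS or Google): one tree walk, two
# opposite inheritance rules. AWS SCPs are restrictive: INTERSECTION of every level from
# root to account. GCP IAM bindings are additive: UNION of a resource and all its ancestors.
# Every id, action, role and member below is constructed for the example.
from typing import Dict, List, Set

def path_to_root(node: str, parent: Dict[str, str]) -> List[str]:  # [node, parent, ..., root]
    path = [node]
    while node in parent:
        node = parent[node]
        path.append(node)
    return path

# AWS Organizations: root -> OU -> account. "*" models the default FullAWSAccess SCP.
AWS_PARENT = {"ou-prod": "r-root", "111111111111": "ou-prod"}  # placeholder account id
AWS_SCPS: Dict[str, List[dict]] = {  # node -> list of SCPs (allow/deny action patterns)
    "r-root": [{"allow": {"*"}, "deny": set()}],
    "ou-prod": [{"allow": {"*"}, "deny": {"cloudtrail:StopLogging", "organizations:LeaveOrganization"}}],
    "111111111111": [{"allow": {"ec2:*", "s3:*", "cloudtrail:*"}, "deny": set()}],  # allow-list only
}

def _match(pattern: str, action: str) -> bool:
    return pattern in ("*", action) or (pattern.endswith(":*") and action.split(":")[0] == pattern[:-2])

def scp_permits(account: str, action: str) -> bool:
    """True only if every level on the path allows the action and no level denies it.
    SCPs never restrict the management account itself; that case is not modelled."""
    for node in path_to_root(account, AWS_PARENT):
        pols = AWS_SCPS.get(node, [])
        if not any(_match(p, action) for pol in pols for p in pol["allow"]):
            return False
        if any(_match(p, action) for pol in pols for p in pol["deny"]):
            return False
    return True

# GCP: organization -> folder -> project. IAM bindings: resource -> role -> members.
GCP_PARENT = {"folders/prod": "organizations/example-org", "projects/payments-prod": "folders/prod"}
GCP_BINDINGS: Dict[str, Dict[str, Set[str]]] = {
    "organizations/example-org": {"roles/viewer": {"group:auditors@example.com"}},
    "folders/prod": {"roles/editor": {"user:alice@example.com"}},
    "projects/payments-prod": {"roles/owner": {"user:bob@example.com"}},
}

def effective_iam(resource: str) -> Dict[str, Dict[str, str]]:
    """Union over the resource and all ancestors: role -> {member: where it was granted}.
    A project cannot remove a role granted at its folder or organization."""
    eff: Dict[str, Dict[str, str]] = {}
    for node in reversed(path_to_root(resource, GCP_PARENT)):  # organization first
        for role, members in GCP_BINDINGS.get(node, {}).items():
            for m in members:
                eff.setdefault(role, {}).setdefault(m, node)
    return eff
```

In the AWS model an account-level allow-list cannot re-enable an action denied at its OU, while in the GCP model a project-level policy cannot take back a role granted at the folder or organization.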
Hope you have enjoyed this article. In the next blog post, we will discuss AWS EC2 vs Azure Virtual Machines vs GCP Compute Engine.
Reference Links:
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_getting-started_concepts.html
https://cloud.google.com/resource-manager/docs/cloud-platform-resource-hierarchy