How To Create An Organizational Unit Using AWS CLI

How To Create An Organizational Unit Using AWS CLI

Hello Everyone

Welcome to CloudAffaire and this is Debjeet.

In the last blog post, we have discussed, how to create an organization and add members to it in AWS.

https://cloudaffaire.com/how-to-create-an-organization-in-aws/

In today’s blog post, we will discuss how to create an Organizational Unit using AWS CLI. An Organizational unit is a container for accounts within a root. An OU also can contain other OUs, enabling you to create a hierarchy that resembles an upside-down tree, with a root at the top and branches of OUs that reach down, ending in accounts that are the leaves of the tree. When you attach a policy to one of the nodes in the hierarchy, it flows down and affects all the branches (OUs) and leaves (accounts) beneath it. An OU can have exactly one parent, and currently each account can be a member of exactly one OU.

How To Create An Organizational Unit Using AWS CLI

Next, we are going to create two Organizational unit named “Foundation” and “Regulatory” and move member accounts from root OU to respective OU as shown in above diagram.

How To Create An Organizational Unit Using AWS CLI:

Prerequisites:

  • Three active AWS account with admin access.
  • AWS organization created and two member accounts added.
  • AWS CLI installed and configured with admin access to each account.

I have already configured three AWS CLI profile for each account as below

You can use below link to install and configure AWS CLI.

https://cloudaffaire.com/how-to-install-aws-cli/

https://cloudaffaire.com/how-to-configure-aws-cli/

Step 1: Check the details for your AWS Organization using AWS CLI

Step 2: Create a new OU named “Foundation” under Root OU using AWS CLI

Step 3: Next, move the member1 account from Root OU to Foundation OU

Step 4: Create a new OU named “Regulatory” under “Foundation” OU.

Step 5: Move member2 account form Root OU to Regulatory OU.

Step 6: Confirm the OU structure

If you login to the management account and check the organization again, you should get below structure where the Foundation OU is under Root OU containing member1 account and child OU Regulatory OU. The Regulatory OU contains member2 account but no further child OU.

How To Create An Organizational Unit Using AWS CLI

If you wondering why the hell, we have created OU hierarchy in this fashion, wait for the upcoming blog post 😊 The purpose of creating such a hierarchy is to explain SCP which will be covered in upcoming blog.

Hope you have enjoyed this article. To know more about AWS organization, please refer below official documentation

https://docs.aws.amazon.com/organizations/index.html

Leave a Reply

Close Menu