Manage AWS Accounts Using AWS Organizations

With AWS Organizations, you can create and manage all of your AWS accounts from a single master account (AWS now calls this the management account). In this chapter we'll look at how to create a separate AWS account for each environment of our serverless app, so that the resources, credentials and permissions of Production and Development are isolated from each other.

Create AWS accounts

Go to the AWS Organizations console.

Select AWS Organizations service

The account labeled with the star is your master AWS account. This account cannot be removed from the organization.

Select Add account.

Add account in AWS Organizations

You can either create a new AWS account or, if you already have standalone AWS accounts, invite them into your organization.

Select Create account.

Create account in AWS Organizations

Let's create our Production account first. Fill out the following:

  • Full name: Enter Prod, Production or whatever you would like to call this account. It is used for display purposes only.
  • Email: Each account requires a unique email address. Emails with a '+' sign are allowed, so prod+aws@yourdomain.com style addresses work. This address also becomes the account's root user, so it should be a mailbox your team controls and protects.
  • IAM role name: Leave this empty. When creating a new account, AWS Organizations automatically creates an IAM role in the new account that trusts the master account and has full administrator permissions, so anyone in the master account who is allowed to call sts:AssumeRole on it can administer the new account. Initially this role is the only way into the new account: the root user has no password until you set one via the password reset flow sent to the email above. By default the role is named OrganizationAccountAccessRole; you can give it another name, but then remember it, because you'll need it to switch roles.
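
Because that role grants full administrator access in every member account, it is worth gating who in the master account may assume it. The following IAM policy is an added example, not part of the guide or of AWS's defaults: attach it to the group or role your administrators use in the master account, and it allows assuming OrganizationAccessRole in any member account only when the caller signed in with MFA. The role name is the Organizations default described above; the MFA requirement and the choice to scope the resource to all accounts (`*`) are assumptions you can tighten to specific account IDs.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AssumeOrganizationAccessRoleWithMfa",
      "Effect": "Allow",
      "Action": "sts:AssumeRole",
      "Resource": "arn:aws:iam::*:role/OrganizationAccountAccessRole",
      "Condition": {
        "Bool": { "aws:MultiFactorAuthPresent": "true" }
      }
    }
  ]
}
```

The console's Switch Role flow satisfies the condition when your console session was opened with MFA; from the CLI you get the same effect by setting `mfa_serial` on the profile that assumes the role, so the CLI prompts for a code before calling sts:AssumeRole.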

Set Production account detail

Now, you have 2 AWS accounts in your organization.

Production account created in AWS Organizations

Access AWS accounts

Next, let's try switching into the Production account. First, take note of the newly created account's 12-digit Account ID. We need this number in the next step.

Then, select the account picker at the top.

Select account picker in AWS console

Select Switch Role.

Select switch role in AWS console

Fill in the following:

  • Account: Account ID of the newly created Prod account from the previous step.
  • Role: Name of the IAM role from the previous step. If you left it blank, use OrganizationAccountAccessRole.
  • Display Name: It's good to use the name (Full name) from when we created the account. It'll help keep things recognizable.
  • Color: Pick a color that represents Production for you.

Note that the Display Name and Color fields are personal to you. Your team members will need to set this up again on their own.

Then select Switch Role.

Assume role in Production account

Now you are in the Prod account. You can check which account and role you are currently using by looking at the top bar, which shows the Display Name and Color you picked.

You can switch back to the master account by clicking on the account picker and selecting Back to master.

Switch back to master account

Next, repeat the above steps to create the Development account.

Create Development account in AWS Organizations
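
The same two procedures, creating a member account and switching into it, can be scripted with the AWS CLI. The script below is an added example, not code from the guide: `create_org_account` is the CLI form of the Create account page (it polls until the account exists and prints its Account ID), `profile_config` writes the `~/.aws/config` entry that plays the role of the Switch Role dialog for the CLI, and `assume_org_role` assumes the role and exports temporary credentials into your shell. It assumes the default role name OrganizationAccountAccessRole, a CLI profile named `management` holding master-account credentials, and region us-east-1; all three are assumptions you can change. `create_org_account` and `assume_org_role` make real API calls and need the AWS CLI configured, while `build_role_arn` and `profile_config` run offline.

```sh
#!/bin/sh
# Added example, not code from the Serverless Stack guide: CLI equivalent of
# the console steps in this chapter. Assumptions: default role name
# OrganizationAccountAccessRole, a CLI profile "management" with
# master-account credentials, and region us-east-1.
set -eu

ROLE_NAME="${ROLE_NAME:-OrganizationAccountAccessRole}"
MGMT_PROFILE="${MGMT_PROFILE:-management}"

# Validate a 12-digit account ID and print the ARN of the role to assume.
build_role_arn() {
  account_id="$1"
  role_name="${2:-$ROLE_NAME}"
  case "$account_id" in
    ''|*[!0-9]*) echo "invalid account id: '$account_id'" >&2; return 1 ;;
  esac
  if [ "${#account_id}" -ne 12 ]; then
    echo "account id must be 12 digits: '$account_id'" >&2
    return 1
  fi
  printf 'arn:aws:iam::%s:role/%s' "$account_id" "$role_name"
}

# Print an ~/.aws/config profile that assumes the role from the management
# profile. Passing an MFA device ARN makes the CLI prompt for a code, which
# an MFA condition on the assume-role permission requires.
profile_config() {
  name="$1"; account_id="$2"; mfa_serial="${3:-}"
  arn="$(build_role_arn "$account_id")"
  printf '[profile %s]\nrole_arn = %s\nsource_profile = %s\nregion = us-east-1\n' \
    "$name" "$arn" "$MGMT_PROFILE"
  if [ -n "$mfa_serial" ]; then
    printf 'mfa_serial = %s\n' "$mfa_serial"
  fi
}

# The "Create account" form: create a member account and wait for it.
# Prints the new Account ID on success. Makes real Organizations API calls.
create_org_account() {
  name="$1"; email="$2"
  req_id="$(aws organizations create-account --profile "$MGMT_PROFILE" \
    --account-name "$name" --email "$email" --role-name "$ROLE_NAME" \
    --query 'CreateAccountStatus.Id' --output text)"
  while :; do
    state="$(aws organizations describe-create-account-status \
      --profile "$MGMT_PROFILE" --create-account-request-id "$req_id" \
      --query 'CreateAccountStatus.State' --output text)"
    case "$state" in
      SUCCEEDED)
        aws organizations describe-create-account-status --profile "$MGMT_PROFILE" \
          --create-account-request-id "$req_id" \
          --query 'CreateAccountStatus.AccountId' --output text
        return 0 ;;
      FAILED)
        aws organizations describe-create-account-status --profile "$MGMT_PROFILE" \
          --create-account-request-id "$req_id" \
          --query 'CreateAccountStatus.FailureReason' --output text >&2
        return 1 ;;
    esac
    sleep 5   # still IN_PROGRESS; account creation takes a little while
  done
}

# The "Switch Role" step: assume the role and export temporary credentials
# into the current shell (source this file first). Ends by printing which
# account you are now in, the CLI analogue of checking the console top bar.
assume_org_role() {
  arn="$(build_role_arn "$1")"
  creds="$(aws sts assume-role --profile "$MGMT_PROFILE" --role-arn "$arn" \
    --role-session-name "switch-${USER:-cli}" \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' --output text)"
  # text output is one tab-separated row: key id, secret, session token
  # shellcheck disable=SC2086
  set -- $creds
  AWS_ACCESS_KEY_ID="$1"; AWS_SECRET_ACCESS_KEY="$2"; AWS_SESSION_TOKEN="$3"
  export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
  aws sts get-caller-identity
}
```

Typical use is `. ./org.sh`, then `PROD_ID="$(create_org_account Production prod+aws@yourdomain.com)"`, `profile_config prod "$PROD_ID" >> ~/.aws/config` and `assume_org_role "$PROD_ID"`; the final `get-caller-identity` output should show the Prod account ID and the assumed role, just as the console top bar does. Unlike the console's Display Name and Color, the profile file is something you can check in (without credentials) so the whole team uses the same names for Prod and Dev.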

Now we have our AWS accounts created. Let's make sure we are using these environments correctly in the configuration of our app.