Implementing AWS Organizations

Difficulty
Intermediate
Duration
7h 24m
Students
80
Ratings
4.3/5
Description

This course provides detail on the AWS Management & Governance services relevant to the AWS Certified DevOps Engineer - Professional exam.

Learning Objectives

  • Learn how AWS AppConfig can reduce errors in configuration changes and prevent application downtime
  • Understand how the AWS Cloud Development Kit (CDK) can be used to model and provision application resources using common programming languages
  • Get a high-level understanding of Amazon CloudWatch
  • Learn about the features and use cases of the service
  • Create your own CloudWatch dashboard to monitor the items that are important to you
  • Understand how CloudWatch dashboards can be shared across accounts
  • Understand the cost structure of CloudWatch dashboards and the limitations of the service
  • Review how monitored metrics go into an ALARM state
  • Learn about the challenges of creating CloudWatch Alarms and the benefits of using machine learning in alarm management
  • Know how to create a CloudWatch Alarm using Anomaly Detection
  • Learn what types of metrics are suitable for use with Anomaly Detection
  • Create your own CloudWatch log subscription
  • Learn how AWS CloudTrail enables auditing and governance of your AWS account
  • Understand how Amazon CloudWatch Logs enables you to monitor and store your system, application, and custom log files
  • Explain what AWS CloudFormation is and what it’s used for
  • Determine the benefits of AWS CloudFormation
  • Understand what the core components are and what they are used for
  • Create a CloudFormation Stack using an existing AWS template
  • Learn what VPC flow logs are and what they are used for
  • Determine options for operating programmatically with AWS, including the AWS CLI, APIs, and SDKs
  • Learn about the capabilities of AWS Systems Manager for managing applications and infrastructure
  • Understand how AWS Secrets Manager can be used to securely encrypt application secrets
Transcript

Hello and welcome to this lecture which will explain how to initially set up and configure AWS Organizations. Setting up an organization is a very simple process that starts from a master AWS account. Your master account is a standard AWS account that you have chosen to create the AWS organization. It's best practice to use this AWS account solely as a master account, and not to use it to provision any other resources such as EC2 instances, et cetera. This allows you to restrict access to the master account at a greater level. The fewer users who need access to it, the better, and you need to do this because the master account carries certain administrative level capabilities such as being able to create additional AWS accounts within your organization, invite other accounts to join your organization, remove AWS accounts from your organization, and apply security features via policies to different levels within your organization.

Once you have selected your AWS account to be used as a master account, you can create an organization. From here, you have two choices when creating an organization type: enable all features or enable only consolidated billing. If you want to set up service control policies, then you need to select enable all features.

The second option allows you to control payments and manage costs centrally from that master account across all associated AWS accounts within the organization. When the organization is created, the master account can create organizational units for AWS account management as required. The master account can also invite other member AWS accounts to join the organization. During this invitational process, the account owner of these invited AWS accounts will receive an email requesting that their AWS account join the organization. Once the accounts have joined the organization, the master account can then move these accounts into the corresponding OUs that have been created and associate relevant service control policies with them.

Let me now show you via a demonstration how to create a new organization and invite an existing account to join it. Now I'm logged into my AWS Management Console in the AWS account that I want to be the master account, and the first thing I need to do is go to AWS Organizations, which is under the Management and Governance category, and you can see, it's just at the top here.

So if I go into Organizations, at the moment, I don't have any organizations set up or created. So the first thing I need to do is click on create organization, and this gives you a quick, high-level screenshot just to explain what creating an organization does. So it provides single payer and centralized cost tracking, it lets you create and invite accounts, it allows you to apply policy-based controls, and it helps you simplify organization-wide management of AWS services.

Now, as I mentioned previously, there are two options when you create your organization. You can either create it with all features enabled, which is what I just listed, or as you can see here, you can just create your organization to consolidate your billing features. With this demonstration, I'm going to create it with all features. So let's go ahead and create our organization, and that's effectively it. So it's very easy to create your AWS organization to start with, and because this is a brand new organization, this is my master account, which is signified by this star here, and this is my account name, and my account ID.

So, to actually create the organization is very simple, but now I want to add another account as a member account, so let me go ahead and do that. So if I select add account, now I have two options here. I can invite an existing account or create a new account. Now I already have another AWS account, so I'm going to invite an existing account. Now I need to enter the email or account ID, so I'll just paste in my account, and you can add any notes here, for example, please join my organization, and then you select invite.

Okay, now we can see that we have a request that's been sent as an invitation. The status is currently open. So now the email address that was registered with this account will get an invitation and they must accept that invite into this organization. So let's take a look and see if I got that email. So here we can see the email that's been sent to the owner of that member account, and it says, Stuart would like to add your AWS account to their organization as a member account, and then it just gives some additional blurb about AWS Organizations, but to accept the invitation, and to understand what features have been enabled, we need to click on this link here.

So if I select that link, and sign in to my account using my details and MFA code, then I can see that I have an invitation from AWS Organizations. We can see the organization ID, the master account name, and the requested controls, which is enable all features. So here, I can either accept or decline and I'm going to accept. I just need to confirm the confirmation message about joining the organization.

Okay, now this member account is now a part of that organization. So if I go back to my master account now, I can see now that within my AWS organization of my master account, I have the CA demo account, which is the name of my other account, and we can see that it's not a master because it hasn't got the star whereas this account has the, this is the master account. So as you can see, it's a very simple process to invite other accounts to your organization.

Now I also mentioned previously about organizing accounts and using organizational units. So if we select organize accounts, at the moment, we only have the root in here. So I can create the new organizational unit and assign each of these accounts into those. So, for example, let me create a new organizational unit called production.

Now I'm also going to create a second organizational unit called test. So let me create another one. At the moment, under root, we have our two accounts. So we have our master account and our member account here. Now I want to move my master account into the production organizational unit, just to make things a little more organized. So I can select the account, click on move, and then simply select where I want it to reside within the tree, and then click move, and we can see, it's now been removed from the root location, and I want to do the same with the member account, but this time, I want to move that into the test OU. So now, if I click on production over here, this organizational unit, we can see the account that it has inside it, and again, if we go back to the root and click on test, we can see that we have the member account. So I just wanted to show you that quickly just to show you how you can easily and quickly organize your different AWS accounts.

Okay, and that's the end of the demonstration.
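
The console steps shown in the demonstration, expressed as AWS CLI calls. This is an added example, not part of the original lecture; the function names are hypothetical and the account IDs in the usage comment are constructed placeholders. It assumes the CLI is configured with master-account credentials, and it checks that the invitation has been accepted before moving any account.

```bash
#!/usr/bin/env bash
# Added example: AWS CLI equivalent of the console demonstration.
# Function names are hypothetical; account IDs in the usage are placeholders.

# Phase 1, run in the master account: create the organization with all
# features enabled and invite an existing account. Prints the handshake ID.
org_create_and_invite() {
  local member_id="$1" notes="${2:-Please join my organization}"
  aws organizations create-organization --feature-set ALL >/dev/null || return 1
  aws organizations invite-account-to-organization \
    --target "Id=${member_id},Type=ACCOUNT" --notes "$notes" \
    --query 'Handshake.Id' --output text
}

# Between the phases the invited account's owner accepts the invitation,
# in the console as in the demo or with member-account credentials:
#   aws organizations accept-handshake --handshake-id <handshake-id>

# Phase 2, run in the master account: refuse to continue until the
# invitation is ACCEPTED, then create the production and test OUs under
# the root and move each account. Prints "<root> <production-ou> <test-ou>".
org_organize() {
  local master_id="$1" member_id="$2" handshake_id="$3"
  local state root prod_ou test_ou
  state=$(aws organizations describe-handshake --handshake-id "$handshake_id" \
    --query 'Handshake.State' --output text) || return 1
  if [ "$state" != "ACCEPTED" ]; then
    echo "invitation is ${state}, not ACCEPTED; nothing moved" >&2
    return 1
  fi
  root=$(aws organizations list-roots --query 'Roots[0].Id' --output text) || return 1
  prod_ou=$(aws organizations create-organizational-unit --parent-id "$root" \
    --name production --query 'OrganizationalUnit.Id' --output text) || return 1
  test_ou=$(aws organizations create-organizational-unit --parent-id "$root" \
    --name test --query 'OrganizationalUnit.Id' --output text) || return 1
  aws organizations move-account --account-id "$master_id" \
    --source-parent-id "$root" --destination-parent-id "$prod_ou" || return 1
  aws organizations move-account --account-id "$member_id" \
    --source-parent-id "$root" --destination-parent-id "$test_ou" || return 1
  echo "$root $prod_ou $test_ou"
}

# Usage (constructed placeholder account IDs):
#   hs=$(org_create_and_invite 222222222222)
#   org_organize 111111111111 222222222222 "$hs"
```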

About the Author

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.