# AWS Organization

AWS Organizations provides centralized management for multiple AWS accounts, enabling policy enforcement, account structure organization, and security best practices across an enterprise.

### **Why SecureCart Uses AWS Organizations & OUs for Multi-Account Security**

* **Centralized management** of multiple AWS accounts.
* **Granular access control** using Service Control Policies (SCPs).
* **Secure authentication & authorization** with IAM Identity Center (AWS SSO).
* **Isolation of workloads** with Organizational Units (OUs).
* **Cost and billing optimization** via consolidated billing.

***

## **AWS Organizations and OUs Overview**

### **AWS Organizations**

AWS Organizations is a service that allows SecureCart to:

* Manage multiple AWS accounts centrally.
* Define access policies (SCPs) across accounts.
* Use Organizational Units (OUs) to group accounts logically.
* Enable IAM Identity Center (AWS SSO) for federated access across accounts.

***

### **Organizational Units (OUs)**

* OUs help SecureCart organize AWS accounts into hierarchical groups.
* Policies (SCPs) are applied at the OU level to enforce security best practices.

**SecureCart’s AWS Organization Structure**

```
SecureCart Organization
│
├── Security OU
│   ├── securitytooling-account
│   ├── logarchive-account
│
├── Workloads OU
│   ├── prod-account
│   ├── dev-account
│   ├── staging-account
│
├── Infrastructure OU
│   ├── networking-account
│   ├── shared-services-account
│
├── Sandbox OU
│   ├── sandbox-dev-account
```

* **Workloads OU** → Runs SecureCart's production & development environments.
* **Security OU** → Manages security logs, GuardDuty, Security Hub, and auditing.
* **Infrastructure OU** → Handles networking, shared services, and global infrastructure.
* **Sandbox OU** → Used for testing & experimentation with restricted access.
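
The following added example (not SecureCart's own code) models how SCPs attached at the root, OU, and account levels combine for the hierarchy above: an action passes the SCP layer only if every level on the path allows it and no level explicitly denies it. The SCP contents are constructed assumptions for illustration, and only a subset of the accounts is modelled.

```python
from fnmatch import fnmatchcase

# Child -> parent, following SecureCart's tree above (subset of accounts).
PARENT = {
    "Security OU": "Root", "Workloads OU": "Root", "Sandbox OU": "Root",
    "logarchive-account": "Security OU",
    "prod-account": "Workloads OU",
    "sandbox-dev-account": "Sandbox OU",
}

ALLOW_ALL = [("Allow", "*")]  # same effect as the AWS-managed FullAWSAccess SCP

# Constructed attachments (assumed for illustration, not SecureCart's real SCPs).
SCPS = {
    "Root": ALLOW_ALL + [("Deny", "cloudtrail:StopLogging")],
    "Security OU": ALLOW_ALL,
    "Workloads OU": ALLOW_ALL,
    "Sandbox OU": [("Allow", "ec2:*"), ("Allow", "s3:*")],  # allow-list
    "logarchive-account": ALLOW_ALL,
    "prod-account": ALLOW_ALL,
    "sandbox-dev-account": ALLOW_ALL,
}

def path_to_root(account):
    """Return [account, its OU, ..., Root]."""
    path = [account]
    while path[-1] in PARENT:
        path.append(PARENT[path[-1]])
    return path

def matches(effect, action, statements):
    """True if any statement with this effect covers the action (case-insensitive)."""
    return any(e == effect and fnmatchcase(action.lower(), pattern.lower())
               for e, pattern in statements)

def scp_permits(account, action):
    """Return (permitted, reason) for the SCP layer only; IAM must still grant."""
    levels = path_to_root(account)
    for level in levels:  # an explicit Deny anywhere on the path always wins
        if matches("Deny", action, SCPS.get(level, [])):
            return False, f"explicit Deny at {level}"
    for level in levels:  # every level must also Allow the action
        if not matches("Allow", action, SCPS.get(level, [])):
            return False, f"no Allow at {level}"
    return True, "allowed at every level"

if __name__ == "__main__":
    for acct, act in [("prod-account", "cloudtrail:StopLogging"),
                      ("sandbox-dev-account", "iam:CreateUser"),
                      ("sandbox-dev-account", "s3:GetObject")]:
        print(acct, act, scp_permits(acct, act))
```

SCPs only cap what identities in an account can do; an IAM policy in the account must still grant the action, and SCPs do not restrict the organization's management account.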
