Creating and managing an organization

You can perform the following tasks using the AWS Organizations console or by running an AWS Command Line Interface (AWS CLI) command or the equivalent AWS SDK API operations:

Create an organization. Create your organization with your current account as its management account. Create member accounts within your organization, and invite other accounts to join your organization.
Enable all features in your organization. Enabling all features is the preferred way to work with AWS Organizations. When you create an organization, you have the option to enable all features or a subset of features for consolidating billing. Enabling all features is the default, and it includes Consolidated Billing features.

With all features enabled, you can use the advanced account management features available in AWS Organizations such as service control policies (SCPs). SCPs offer central control over the maximum available permissions for all accounts in your organization, helping you to keep your accounts within your organization’s access control guidelines.
View details about your organization. View details about your organization and its roots, organizational units (OUs), and accounts.
Delete an organization. Delete an organization when you no longer need it.

Note

The procedures in this section specify the minimum permissions needed to perform the tasks. These typically apply to the API or access to the command line tool.

Performing a task in the console might require additional permissions. For example, you could grant read-only permissions to all users in your organization, and then grant other permissions that allow selected users to perform specific tasks.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Best practices for member accounts

Creating an organization