Feature overview
Provide understanding and grouping for hierarchical accounts coming from clouds.
Goals
- Provide support for hierarchies in the clouds supported.
- Allow the customer to see charages for one element on the hierarchy (i.e. an AWS Organizational Unit and everything associated to it up to the end of the hierarchy)
- Allow the administrator to define those hierarchies for RBAC, allowing a customer to see one level of the hierarchy and everything below (in contrast to defining a list of accounts)
Background
Accounts in the cloud can often be hierarchical. Depending on the business of the customer, many accounts can be organized to reflect better the requirements from the business.
AWS currently provides different organizations. In the basic one, a customer can have a master account (that accrues all data from the different accounts), and member (linked) account.
However, that is not enough for customer, so clouds offer additional ways of organizing their accounts into hierarchies.
Amazon also provides a way of organizing accounts together for management purposes (not billing). You can use organizational units (OUs) to group accounts together to administer as a single unit. This greatly simplifies the management of your accounts. For example, you can attach a policy-based control to an OU, and all accounts within the OU automatically inherit the policy.
Reflecting this organization into the account and RBAC of cost management can greatly reduce the requirements for organization inside cost management and thus make things easier for customers