AWS Organisations allow programmatic creation and centralised management of AWS accounts. They can be used to consolidate billing across a number of distinct organisational units


  • Organisations can be modelled as a tree made up of organisational units and AWS accounts. The organisation creates a Root container for OUs and accounts.
  • Organisational units are containers for accounts within the root, and can be nested to model organisational hierarchy.
  • Accounts belong to organisational units.
    • The Management account (formerly known as the Master account) is privileged, and is able to manage the Organisation. It's also the payer account.
  • Service Control Policies can be applied at account or organisational unit and flow down, apply guardrails which restrict access to AWS services or permissible configurations for each account.

Accessing a member account

Account -> Switch Roles, enter the account ID and the name of the created role (it defaults to OrganizationAccountAccessRole) and assign it a meaningful name and colour. The console will cache the last 5 roles in your browser cache.

This browser extension simplifies switching between multiple accounts, determining which switches are possible based on the account IDs in the Console page and the source_accounts specified in your configuration.


  • AWS accounts require separate email addresses.
  • An AWS organisation can contain up to 5,000 AWS accounts.