Module 10: Organizations Assignment
Tasks To Be Performed:
- Create an AWS Organization.
- Create 3 organization units – OU1, OU2 and OU3.
- Attach a service control policy which only allows access to EC2.
Task 1: Create an AWS Organization
In this instance, the account in use is not new and an AWS Organization has already been established.
Task 2: Create 3 Organization Units (OUs)
1. Navigate to AWS Organizations:
- I make sure I’m in the “Organize accounts” view, which shows me my AWS Organization and its structure.
2. Create Organization Units:
- I navigate to the AWS Organizations page.
- In the “Organizational structure” section, I click on the “Root” organizational unit (OU).
- On the right side of the page, I click on the “Actions” dropdown menu and select “Create new”.
- A pop-up dialogue appears, and I enter a name for my organizational unit, such as “OU1”.
- I click on “Create organization unit”.
- I see that the new organizational unit “OU1” has appeared under the “Root” OU in the organizational structure.
- I repeat the above steps if I want to create additional organizational units.
Task 3: Restricting AWS Access to EC2 Only
- I log into my AWS account and navigate to the AWS Organizations dashboard.
- On the left side of the dashboard, I click on “Policies”.
- Within the “Policies” section, I click on “Service control policies”.
- To enable service control policies, I click on the “Enable service control policies” button.
- Once enabled, I proceed to create a new policy that allows EC2 access. To do this:
  a. I click on the “Create policy” button (or a similar action button).
  b. In the policy editor, I provide the necessary JSON policy document that allows EC2 access.
  c. I provide a name for the policy, for example, “Access to EC2”, and any other required details.
  d. I click “Save” or “Create” to finalize the policy creation.
- After the policy “Access to EC2” is created, I select it from the list of available policies.
- With the policy selected, I click on the “Actions” dropdown menu.
- From the dropdown, I select “Attach policy”.
- A dialogue or new page appears, listing all the organizational units (OUs). I select the OUs I recently created to which I want to attach this policy.
- Once the desired OUs are selected, I confirm the action, attaching the “Access to EC2” policy to the chosen OUs.
Now, the “Access to EC2” policy is attached to the selected organizational units, granting them the permissions defined in the policy.
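The walkthrough above does not show the JSON document from step b. The following is an added example, not part of the original assignment: a constructed EC2-only policy body plus a simplified model of how Organizations evaluates SCPs along the path from the root to an OU. The function names are hypothetical, and the model ignores `Condition`, `NotAction` and `Resource`.

```python
import json
from fnmatch import fnmatchcase

# Policy body for the "Access to EC2" SCP (constructed for this example).
ACCESS_TO_EC2 = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "AllowEC2Only", "Effect": "Allow",
                   "Action": "ec2:*", "Resource": "*"}],
}
# AWS-managed default SCP that Organizations attaches to the root, every OU and account.
FULL_AWS_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

def _matches(stmt, action):
    """True if the statement's Action pattern(s) cover the action (case-insensitive)."""
    actions = stmt["Action"]
    actions = [actions] if isinstance(actions, str) else actions
    return any(fnmatchcase(action.lower(), a.lower()) for a in actions)

def level_allows(policies, action):
    """One level (root, OU or account) allows an action if any attached SCP allows it."""
    return any(s["Effect"] == "Allow" and _matches(s, action)
               for p in policies for s in p["Statement"])

def scp_permits(path, action):
    """path: lists of attached SCPs, root first. A Deny anywhere wins;
    otherwise every level on the path must allow the action."""
    for policies in path:
        if any(s["Effect"] == "Deny" and _matches(s, action)
               for p in policies for s in p["Statement"]):
            return False
    return all(level_allows(policies, action) for policies in path)

if __name__ == "__main__":
    print(json.dumps(ACCESS_TO_EC2, indent=2))  # paste-ready policy document
    root = [FULL_AWS_ACCESS]
    cases = {"default SCP still attached to OU": [root, [FULL_AWS_ACCESS, ACCESS_TO_EC2]],
             "EC2 SCP only on OU": [root, [ACCESS_TO_EC2]]}
    for name, path in cases.items():
        print(name, {a: scp_permits(path, a) for a in ("ec2:RunInstances", "s3:GetObject")})
```

The first case shows that the EC2-only policy restricts nothing while `FullAWSAccess` remains attached to the same OU, so the default policy has to be detached from OU1, OU2 and OU3 for the allow list to take effect. An SCP only caps what IAM policies in member accounts can grant; it does not grant access itself and does not apply to the management account.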