SaaS / AWS

Utilizing AWS Organizations for your multi-account SaaS architecture

Aaron Walker

6 Minute Read

In the previous blog post of this six-part series on taking your SaaS product global, we discussed the many robust architecture options available on Amazon Web Services (AWS). However, while these can help any organization market and sell their product on the global stage, dealing with multiple accounts over multiple regions can be a headache.

To simplify managing many different regions and the various accounts that operate within them, companies should turn to AWS Organizations for better control over their AWS accounts.  

This final article will cover what AWS Organizations is, the benefits that it provides and what a best practice AWS Organizations account should have. 

AWS Organizations explained

If you’re looking to run multiple accounts in AWS, this is the service for you. It helps companies to manage their AWS accounts for any number of regions and allows businesses to have better governance over their AWS footprints. 

AWS Organizations grants companies the ability to seamlessly create new accounts, manage them, group them into Organizational Units (OUs) and apply policies over which services are enabled within specific regions for specific accounts.

It simplifies how you run your accounts and lets your organization take better control of the creation and management of your entire AWS infrastructure in a way that is easy for your IT team.

Without AWS Organizations, the process of creating and managing your accounts can be time-consuming and forces your teams to focus on account management instead of business-forward tasks. The AWS Organization’s management system is powerful enough to create workflows that help generate accounts and organize them into units that are associated with specific tasks or departments. These workflows allow your organization to apply policies to these groups which helps ensure that your product is running under proper governance and policy for security and data compliance.

One of the best features of AWS Organizations is its frameworks. The tech stack includes a centrally defined management configuration, account security policies and — very important when it comes to regulatory compliance — auditing. You can create an auditing account where you can filter and send all of your audit information. When the time comes for auditors to come knocking at your door, you can give them all the information on the account, making the process quick and easy. With many auditors becoming savvy with tools like AWS Organizations, having this structure set up and ready to go can simplify your regulatory compliance efforts immensely.

AWS Organizations is a widely beneficial tool for any company that wants to seamlessly scale on the cloud without the headaches traditionally associated with multiple accounts.

Some of the additional benefits that AWS Organizations can provide include:

  • Providing quick environment scaling with seamless new account creation for your teams with minimal setup time
  • Simplifying your permission management workflows that help to maintain strong governance without sacrificing flexibility
  • Managing your costs across all of your AWS accounts and regions
  • Automating how your organization provides accounts in a manner that suits your company’s security and compliance needs
  • Ensuring that your users can access exactly what they need in a timely way, reducing wait times for information and log-ins

AWS Organizations can help any company on a global scale to get a better handle on the management of their accounts and help to reduce large amounts of administrative work relating to compliance and provisioning. But, what does a best practice setup for AWS Organizations look like?

The best practice tools and features you should be using with AWS Organizations

Here is an example of what a best practice AWS Organizations Account set up might look like.

  AWS Organizations_Best Practice Account Setup

When setting up AWS Organizations you should structure your AWS accounts hierarchically into Organizational Units that work for your organization. One example for a SaaS business would be to create Organizational Units per product and sub OUs for dev, test and production accounts.

Once you have set up your Organizational Units you should also create 3 additional accounts for logging, security management and auditing. It’s recommended that these accounts are created in their own Organizational Unit separate from the business Organizational Units. It’s possible to provision these accounts directly using AWS Organizations but I recommend that you use AWS Control Tower to provision these accounts for you.

AWS Control Tower

AWS Control Tower allows you to provision resources across accounts within your organization and create standardized landing zones for your Organizational Units and accounts.

It allows you to quickly create a well-architected multi-account environment, and automate the creation of your AWS accounts. Utilizing AWS Control Tower is one of the best ways to further simplify your experience with multiple accounts and ensure that your AWS Organizations experience is smooth.

AWS IAM Identity Center - The successor to AWS Single Sign-On

One of the most powerful ways to use AWS Organizations is to combine it with AWS IAM Identity Center. It replaces the need to use individual IAM Users in each of your AWS accounts. It provides a single sign-on to all of your AWS accounts and allows role-based access controls to accounts within your AWS Organizations.

You can create permission sets within AWS IAM Identity Center that you can apply at the individual accounts or at the Organizational Unit level. The permission sets can be assigned to roles and accounts to ensure that users have the minimum permissions needed.

What makes this solution even more helpful is that it can be connected directly to your existing enterprise directory through a whole host of providers, including Google, Octa, Azure or AWS IAM Identity Center itself — making this a flexible option for any company. There is really no excuse not to use AWS Organizations and IAM Identity Center as both of these services are free.

Getting started with AWS Organizations

If you’re looking to take your SaaS product to the global stage, implementing a multi-account architecture utilizing AWS Organizations is highly recommended. It is the best tool that you can use to ensure that your business can scale with the increased demand and complexity that the transition requires.

To make the process even smoother and faster you should consider working with a partner who has in-depth knowledge of AWS systems and how to develop a SaaS product for a global audience. At base2Services, we’ve helped numerous organizations take their SaaS offerings to new markets with our expertise in AWS and SaaS. Our unique DevOps approach to building architecture can help you take your business to the next level, as demonstrated by our successful collaboration with Tuned Global.

 This concludes our comprehensive six-part blog series. This final installment, focused on getting started with AWS Organizations, builds upon the insights I shared in the previous posts. In the first four posts in the series I discussed key challenges to consider when taking your SaaS product global, along with expert advice on how to navigate your way through them. In the fifth post I delve into the 5 different AWS architecture patterns that can help any company market and deliver their SaaS solution to a worldwide market. 

Understanding the challenges and adopting the right AWS architectural patterns is essential for successfully expanding the worldwide reach of your SaaS solution. By leveraging AWS Organizations and partnering with experienced AWS experts like base2Services, you can ensure a smooth transition and continued growth. 

Explore the entire series to gain valuable insights and ensure your product's success:

If you haven't already, be sure to watch the videos of our webinar on this topic for more insights.

Contact us today to learn more about how base2Services can help you thrive on a global scale.

More Blog Posts