nexus/wiki/concepts/AWS-Organizations.md
weishen e62797a33a Batch 9: Obsidian plugins / open-source AI alternatives / Coze training / TK shipping labels / Ubuntu network circumvention
- Sources: 5 new documents
- Concepts: ProxyChains, SOCKS5 proxy, Docker Daemon proxy
- Index: updated to Batch 9
- Cumulative sources: 108/182
2026-04-16 06:36:36 +08:00

---
title: "AWS Organizations"
type: concept
tags: [aws, governance, multi-account, security]
date: 2025-10-25
---
## Definition
AWS Organizations (AWS's centralized account-management service) groups and governs multiple AWS accounts through a tree of organizational units (OUs), providing unified policy management, consolidated billing, and cross-account service delegation.
## Key Properties
- **Organizational unit (OU)**: a logical grouping of accounts; supports nesting and policy inheritance
- **Service control policy (SCP)**: restricts IAM permissions at the OU or account level, acting as a guardrail above the IAM policies defined inside each account
- **Trusted access**: authorizes an AWS service (e.g. StackSets) to AssumeRole across accounts without manual per-account configuration
- **Delegated administrator**: designates a member account as the administrator for a specific service
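To make the SCP guardrail concrete, here is an added example (not part of this note or of AWS's own code) that evaluates whether an action is permitted for a member-account principal: the action must be allowed by the SCPs and by the identity policy, a Deny in any SCP wins, and an SCP never grants anything on its own. The policies and action names are constructed samples; resources, conditions and per-OU-level evaluation are simplified away.

```python
from fnmatch import fnmatchcase

# Constructed sample policies (not taken from the page).
# FullAWSAccess-style default SCP plus a guardrail that forbids disabling CloudTrail.
SCPS = [
    {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]},
    {"Statement": [{"Effect": "Deny",
                    "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail"],
                    "Resource": "*"}]},
]
# In-account IAM policy of an "administrator" user in a member account.
ADMIN_IAM = {"Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}]}
# A read-only user: the SCP may permit more, but IAM grants nothing beyond s3:Get*.
READONLY_IAM = {"Statement": [{"Effect": "Allow", "Action": "s3:Get*", "Resource": "*"}]}


def _decision(policies, action):
    """Return 'deny' if any statement explicitly denies the action,
    'allow' if one allows it and none denies, else None (implicit deny).
    Only the Action element is matched; Resource and Condition are ignored here."""
    allowed = False
    for pol in policies:
        for st in pol["Statement"]:
            actions = st["Action"]
            if isinstance(actions, str):
                actions = [actions]
            if any(fnmatchcase(action, pattern) for pattern in actions):
                if st["Effect"] == "Deny":
                    return "deny"
                allowed = True
    return "allow" if allowed else None


def is_allowed(scps, iam_policy, action):
    """Simplified evaluation for a principal in a member account.

    `scps` is the pool of SCPs inherited from root, OUs and the account itself.
    The organization boundary is checked first: an explicit SCP Deny, or the
    absence of an SCP Allow, blocks the action regardless of in-account IAM.
    Only then does the identity policy decide. (SCPs never grant access and do
    not apply to the management account.)
    """
    if _decision(scps, action) != "allow":
        return False  # blocked by the organization boundary
    return _decision([iam_policy], action) == "allow"
```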
## Multi-Account DevOps Role
The StackSets centralized-logging design depends on:
- Enabling trusted access for StackSets (authorized at the Organization level)
- Designating the management account as delegated administrator
- Using an OU ID as the deployment-target scope for StackSets
## Related Concepts
- [[CloudFormation StackSets]]: relies on Organizations for cross-account authorization
- [[Multi-Cloud-Governance]]: Organizations is the core multi-account governance framework on the AWS side
- [[Zero-Trust]]: Organizations + SCP form the policy-enforcement layer for Zero Trust in an AWS environment
## Source
[[AWS-CloudFormation-StackSets-多账户集中日志监控]]