All Features - Kahuna915/Capstone-Cloud-Integration GitHub Wiki

Features for AWS Organizations

All Features & Consolidated Billing features

All Features

A feature set that includes Consolidating Billing features, integration with supported AWS services, and organization management policies.

All Accounts must accept the enabling of all features before the process can be completed

When accounts are invited after all features are enabled, they will be notified in the invite what features are enabled in the organization

Organizations verifies that every member account has a service-linked role name AWSServiceRoleForOrganizations

The management account can apply SCPs that can prevent member accounts from leaving the organization

The management account is not affected by any SCP SCP only affects member accounts

You cannot switch and organization with all features enabled back to consolidated billing features only

Consolidated Billing

All organizations support this subset of features, which provides basic management tools that you can use to centrally manage the accounts in your organization

Provides shared billing functionality, but does not include more advanced features of AWS Organizations You can't enable other AWS services to integrate with your organization to work across all of its accounts Cannot use Policies to restrict what users and roles in the different member accounts can do

Integration with Supported AWS services

AWS Services provide an organization-wide level of service that can help perform tasks.
Trusted Access - Enable a compatible AWS service to perform operations across all of the AWS accounts in the organization.

Delegated Administrator - A compatible AWS service can register an AWS member account in the organization as an administrator for the organization's accounts in that service.

Source

How to enable All Features

Minumum permission

  • organizations:EnableAllFeatures
  • organizations:DescribeOrganizations - Only required when using the Organizations Console

AWS Management Console

  1. Go to the Organizations console as an IAM user (With proper permissions) or the root user
  2. Go to the Settings page and choose Begin Process
  3. On the Enable All Features page, acknowledge that there is no going back to Consolidated billing and the process will begin. The process will only be complete once all of the member accounts have approved the request
  4. The Enabled all features page will show the status of the request
  5. Once the status is approved, you will need to go to Finalize and Finalize the Enable all features. After that is done, it will show: image

AWS CLI & AWS SDKs

$ aws organizations enable-all-features  
{  
    "Handshake": {  
        "Id": "h-79d8f6f114ee4304a5e55397eEXAMPLE",  
        "Arn": "arn:aws:organizations::123456789012:handshake/o-aa111bb222/enable_all_features/h-79d8f6f114ee4304a5e55397eEXAMPLE",  
        "Parties": [  
            {  
                "Id": "a1b2c3d4e5",  
                "Type": "ORGANIZATION"  
            }  
        ],  
        "State": "REQUESTED",  
        "RequestedTimestamp": "2020-11-19T16:21:46.995000-08:00",     
        "ExpirationTimestamp": "2021-02-17T16:21:46.995000-08:00",   
        "Action": "ENABLE_ALL_FEATURES",   
        "Resources": [   
            {   
                "Value": "o-a1b2c3d4e5",   
                "Type": "ORGANIZATION"   
            }   
        ]  
    }    
}

More in regards to accepting requests through CLI & SDKS

Source