What is the difference between an AWS IAM Group and an Organizational Unit?

About

Asked 24/11, 2020 at 21:54 Answered 24/11, 2020 at 22:2

Solved amazon-web-services amazon-iam ou

I'm investigating users and groups in AWS and have some confusion regarding an AWS IAM Group and an Organizational Unit. They both seem to implement the same functionality such as organizing like accounts with similar tasks and assigning policies to groups of accounts. What are the differences? Any further insight would be appreciated.

Chlores answered 24/11, 2020 at 21:54 Comment(0)

An IAM group is a collection of IAM users, while an OU is a group of AWS accounts.

Decent answered 24/11, 2020 at 22:2 Comment(4)

So an IAM user does not have to have or be an AWS account? The functionality seems very similar to the point where, if it were allowed, placing an IAM user into a OU would implement the same level of functionality. – Chlores 24/11, 2020 at 22:25

An IAM user must belong to an AWS account. – Decent 24/11, 2020 at 22:28

Can an AWS account have multiple IAM users assigned to it? – Chlores 24/11, 2020 at 22:38

OUs can be used in AWS' consolidated billing feature so that also differentiates them. – Chlores 25/11, 2020 at 19:35

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags