How many AWS Organizations should I have?
I get this question every now and then, when someone suggests “Let’s create a separate organization for that!” So I wanted to address it here.
In general, the best practice is to have all the accounts in one organization, with at most one more org just for landing zone testing. However, there are specific use cases where a company has more than one AWS Organization. The reasons behind it are:
- More than one IT organization: global companies with separate business units (BUs) that prefer complete separation between the BUs, with no single org managing the creation of new environments or new policies.
- Mergers and acquisitions: the company acquired another company and has not yet implemented its governance tools on the new company.
- Selling a BU: a BU is to be sold to another company, so the accounts are separated into a different Organization in preparation for the sale.
- Consolidated billing only: some business units do not want IT, or the department that manages the environments, to have any access to their environment, so they have an AWS Organization with consolidated billing only. As a result, SCPs cannot be implemented and resources cannot be created at the organization level.
- Billing and legal: the company needs AWS billing to come out of separate legal entities, a separate bank account, a separate PO, etc.
- Partner: part of the business is done through an AWS reseller.
There could be other reasons to create a separate Organization, but those are the reasons I came across.
As for the impact of merging all to one Organization:
Pros:
- Maximize volume discount
- Maximize Savings plans and RIs
- Maximize credits usage
- Easier to manage, govern and operate
- Accounts in business support plans (if there are any) would be added to Enterprise support, removing the minimum spend on business support ($100 per account)
Cons:
- Would require migrating the accounts to the same org
- Accounts migrated would lose their previous billing data in Cost Explorer
- Could impact landing zone (I’m not familiar with your landing zone, so cannot say for sure)
- Accounts that are not included in enterprise support (if there are any) would be added to enterprise support, with the additional costs
- AWS Marketplace purchases might be impacted if done from the previous payer account.
I have heard of many reasons companies consider creating another Org. I just want you to think hard: 3 years from now, are you sure that the reasons would still be valid? Are you sure that you will be able to maintain access to both Orgs, along with operations, cost optimization, monitoring and so on? If not, I recommend reconsidering it.