AWS – Inviting an account

How to Create ASP.NET Core 3.1 MVC Applications

While it makes sense to create new accounts in your organization, what do you do with all the other accounts you have now?

You can invite existing accounts into your organization, which means you can treat them just like a member account from an administrative point of view. This greatly simplifies the administrative overhead of your accounts, as there isn’t a separate process for old and new accounts.

As this is generally performed once for each existing account, we will use the console.

All of AWS Organization’s functionality is available via the SDKs and the AWS CLI tool. If you need to automate this process, you can.

Getting ready

You must have enabled AWS Organizations for one of your accounts (your master account) and have another account that has not been made part of an organization yet (that you will invite).

How to do it…

Perform the following steps to invite an account:

  1. From the AWS Console of the master account, click on your username and select  My Organization from the drop-down menu:

My Organization
  1. You will be taken to the  AWS  Organization s console, where you will see your current account:

AWS Organizations
  1. Click on the  Invitations tab in the top-right corner of the console:

Invite account
  1. Click on the  Invite account button. Specify the account ID (or main email address) of the account to invite.
  2. Once you click  Invite, you will be taken to a list of invitations where you can view their status.
  3. At this stage, the target/invited account will receive an email notifying it of the invite.
  1. Log in to the invited account and go to the  My Organization link under the user menu.
  2. In the  AWS Organizations console, you can see the pending invite on the left:

Pending invite
  1. By clicking on the invite, you can see its details. Click Accept:

Invite details
  1. When the invite includes all the necessary features, you will be asked to confirm your acceptance:

Confirm joining the organization
  1. You can now see the details of the organization you have joined.
  2. At this stage, the master account will be notified of the accepted invite.
  3. Back in the master account, you can now see the new account alongside the master:

New Organizations account

How it works…

While there are many steps involved, the process of inviting an existing account is a relatively simple handshake process. This means that both sides must actively initiate/accept the invite for it to succeed – an invite cannot be forced.

After specifying the target account’s account ID (or email address), the associated email address will be notified.

As part of the handshake process, the invited account must explicitly accept the invite.

It is important to note that the default invite type (and what we have used in this recipe) uses the full feature set for AWS Organizations. As noted in the console, this means that the invited account could be prevented from leaving the organization if the relevant policies are configured.

After confirmation, both parties will receive an email detailing the membership. From now on, the bill for the invited account will be paid by the master account.

There’s more…

Invited accounts are treated differently from accounts that are created via the organization’s functionality. Below are two type of account that we will look into:

  • Removing accounts
  • Consolidated billing

Removing accounts

Unlike member accounts (which are created via the AWS Organizations API), invited accounts can be removed from an organization.

Consolidated billing

As an alternative to the full feature invite, it is possible to specify just consolidated billing mode for an organization. In this mode, no OUs or policies will be available; only the billing relationship will be shared between the accounts (that is, the master account will pay the bill of the member accounts).

Any preexisting accounts that were configured to use consolidated billing will have been automatically migrated to AWS Organizations in consolidated billing mode.

See also

  • The Creating a member account recipe in this chapter

Comments are closed.