As you grow in AWS, you quickly learn that putting everything in one account is a recipe for disaster. You want a "Sandbox" for testing, a "Prod" for the real deal, and maybe a "Security" account.
But there’s a catch: AWS requires a unique email address for every single account. Who wants to manage five different email inboxes just to run a few Organizational Units (OUs)?
The Solution: Gmail Aliases + AWS Organizations
You can actually manage an entire AWS Organization using one Gmail inbox. Here is the step-by-step guide to adding a new account to an Organizational Unit (OU) using the email alias trick.
Step 1: Setting up the "Plus Alias" Trick
- Main Email: yourname@gmail.com (use this for your Management Account)
- New Dev Account: yourname+dev@gmail.com, e.g. adehello+dev@gmail.com
- New Prod Account: yourname+prod@gmail.com, e.g. adehello+prod@gmail.com
How it works
- To AWS: This is a brand-new, unique email address.
- To Gmail: It ignores everything from the + to the @ symbol, so all emails sent to adehello+dev@gmail.com and adehello+prod@gmail.com arrive in the inbox of adehello@gmail.com. Every alias you create lands in your primary inbox.
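As an added example (not from the original post), here is a small Python audit that takes `aws organizations list-accounts` output (a constructed sample below, with placeholder account IDs) and groups accounts by the inbox that actually receives their root-account mail, applying the Gmail rules described above. It shows the Dev and Prod aliases collapsing into the single primary inbox, which is exactly the inbox a password reset for any of those root users would go to.

```python
import json
import re
from collections import defaultdict

# Constructed sample in the shape of `aws organizations list-accounts` output.
# The account IDs are placeholders, not real accounts.
LIST_ACCOUNTS_OUTPUT = json.dumps({
    "Accounts": [
        {"Id": "111111111111", "Name": "Management", "Email": "adehello@gmail.com", "Status": "ACTIVE"},
        {"Id": "222222222222", "Name": "Dev", "Email": "adehello+dev@gmail.com", "Status": "ACTIVE"},
        {"Id": "333333333333", "Name": "Prod", "Email": "Ade.Hello+prod@googlemail.com", "Status": "ACTIVE"},
        {"Id": "444444444444", "Name": "Security", "Email": "secops@example.org", "Status": "ACTIVE"},
    ]
})

GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def canonical_inbox(email: str) -> str:
    """Return the mailbox that actually receives mail for `email`.

    For Gmail addresses this applies the rules the post relies on: the local
    part is case-insensitive, everything from '+' to '@' is ignored, dots are
    ignored, and googlemail.com is the same inbox as gmail.com. Other domains
    are only lower-cased, because their alias rules are unknown.
    """
    local, _, domain = email.strip().partition("@")
    domain = domain.lower()
    if domain in GMAIL_DOMAINS:
        local = re.sub(r"\+.*$", "", local).replace(".", "").lower()
        return f"{local}@gmail.com"
    return f"{local.lower()}@{domain}"


def accounts_per_inbox(list_accounts_json: str) -> dict[str, list[str]]:
    """Group account IDs by the inbox that can reset their root password."""
    groups: defaultdict[str, list[str]] = defaultdict(list)
    for acct in json.loads(list_accounts_json)["Accounts"]:
        groups[canonical_inbox(acct["Email"])].append(acct["Id"])
    return dict(groups)


if __name__ == "__main__":
    for inbox, ids in accounts_per_inbox(LIST_ACCOUNTS_OUTPUT).items():
        print(f"{inbox}: {len(ids)} account(s) -> {', '.join(ids)}")
```

Run it against real output (`aws organizations list-accounts --output json`) to see how many root users a single mailbox controls.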
Step 2: Create the Account Directly in an OU
Instead of creating an account and moving it later, do it all in one go:
1. Log into your AWS Management Account.
2. Navigate to AWS Organizations. On the AWS accounts page, select the OU where you want the new account to live.
3. Click Add an AWS account > Create an AWS account.
4. Email Address: Use your alias (e.g., yourname+dev@gmail.com).
5. IAM Role Name: Keep the default OrganizationAccountAccessRole.

This role lets you switch from your management account into the new one (by assuming the role) without ever needing its password!
Step 3: The "First Login" Gotcha
When AWS creates an account via Organizations, it doesn't ask you for a password. It generates a random one you'll never see. To log in as the Root User for the first time:
1. Go to the AWS Sign-In Console.
2. Select Root User and enter your alias email.
3. Click Forgot password?.
4. Check your primary Gmail inbox, reset the password, and you're in.
Step 4: Security Must-Dos 🛡️
Since your primary Gmail now controls multiple AWS accounts, security is non-negotiable:
- MFA everything: Enable Hardware or App-based MFA on your Gmail account AND every AWS Root user you create.
- Use IAM Identity Center: Once your accounts are in their OUs, set up IAM Identity Center (SSO). It’s the "modern way" to access your accounts so you never have to use the Root password again.
#aws #cloud #devops #tutorial #cloudcomputing