AWS Organizations: The Easy Way
Source: Dev.to
The Solution: Gmail Aliases + AWS Organizations
Main Email: yourname@gmail.com – use this for your Management Account
New Dev Account: yourname+dev@gmail.com (e.g., adehello+dev@gmail.com)
New Prod Account: yourname+prod@gmail.com (e.g., adehello+prod@gmail.com)
How it works
- To AWS: Each alias appears as a brand‑new, unique email address.
- To Gmail: Everything after the + and before the @ is ignored, so all messages sent to adehello+dev@gmail.com and adehello+prod@gmail.com land in the inbox of adehello@gmail.com.
All emails sent to these aliases will land in your primary inbox.
Creating the accounts in one go
- Log into your AWS Management Account.
- Open AWS Organizations.
- On the AWS accounts page, select the OU where you want the new account to live.
- Click Add an AWS account > Create an AWS account.
- Email Address: Use your alias (e.g., yourname+dev@gmail.com).
- IAM Role Name: Keep the default OrganizationAccountAccessRole.
Step 3: The “First Login” Gotcha
When AWS creates an account via Organizations, it generates a random root password that you never see. To log in as the Root User for the first time, you’ll need to reset the password using the email address you provided.
Security recommendations
- MFA everywhere: Enable hardware or app‑based MFA on your Gmail account and on every AWS root user you create.
- Use IAM Identity Center (SSO): After placing accounts in their OUs, set up IAM Identity Center. This modern approach lets you access accounts without ever using the root password again.
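The following audit is an added example, not code from the original article. It takes JSON in the shape returned by aws organizations list-accounts (the sample accounts, IDs and the security@example.com address are constructed, and the function names are illustrative) and groups accounts by the inbox that receives their root password-reset mail, which is the inbox the MFA recommendation above has to protect.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of `aws organizations list-accounts` output.
# Account IDs, names and the example.com address are made up for illustration.
SAMPLE_LIST_ACCOUNTS = json.dumps({"Accounts": [
    {"Id": "111111111111", "Name": "management", "Email": "adehello@gmail.com"},
    {"Id": "222222222222", "Name": "dev", "Email": "adehello+dev@gmail.com"},
    {"Id": "333333333333", "Name": "prod", "Email": "Adehello+Prod@Gmail.com"},
    {"Id": "444444444444", "Name": "audit", "Email": "security@example.com"},
]})

# Assumption: only Gmail plus-aliasing is collapsed, as described in the article.
PLUS_ALIAS_DOMAINS = {"gmail.com"}


def receiving_inbox(email: str) -> str:
    """Return the mailbox that actually receives mail sent to `email`."""
    local, sep, domain = email.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {email!r}")
    if domain in PLUS_ALIAS_DOMAINS:
        # Drop the "+tag" part: yourname+dev -> yourname
        local = local.split("+", 1)[0]
    return f"{local}@{domain}"


def root_reset_exposure(list_accounts_json: str) -> dict[str, list[str]]:
    """Map each inbox to the accounts whose root password it can reset."""
    exposure = defaultdict(list)
    for account in json.loads(list_accounts_json)["Accounts"]:
        exposure[receiving_inbox(account["Email"])].append(account["Name"])
    return dict(exposure)


def shared_inboxes(exposure: dict[str, list[str]]) -> dict[str, list[str]]:
    """Keep only inboxes that control the root user of more than one account."""
    return {inbox: names for inbox, names in exposure.items() if len(names) > 1}


if __name__ == "__main__":
    exposure = root_reset_exposure(SAMPLE_LIST_ACCOUNTS)
    for inbox, names in sorted(shared_inboxes(exposure).items()):
        print(f"{inbox} receives root reset mail for: {', '.join(names)}")
```

Any inbox this reports is a single point of control for several root users, so it is the first place to confirm MFA is enabled.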