I'm investigating users and groups in AWS and have some confusion regarding an AWS IAM Group and an Organizational Unit. They both seem to implement the same functionality such as organizing like accounts with similar tasks and assigning policies to groups of accounts. What are the differences? Any further insight would be appreciated.
1 Answer
An IAM group is a collection of IAM users, while an OU is a group of AWS accounts.

jellycsc
So an IAM user does not have to have or be an AWS account? The functionality seems very similar to the point where, if it were allowed, placing an IAM user into an OU would implement the same level of functionality. – glez Nov 24 '20 at 22:25

An IAM user must belong to an AWS account. – jellycsc Nov 24 '20 at 22:28

Can an AWS account have multiple IAM users assigned to it? – glez Nov 24 '20 at 22:38

OUs can be used in AWS' consolidated billing feature so that also differentiates them. – glez Nov 25 '20 at 19:35