AWS Account Groups

From our glossary:

AWS Account Groups make it easier to target many AWS Accounts in a Rule. Once an AWS Account Group is created and selected in Rules, a User only has to modify the AWS Account Group to influence which AWS Accounts are targeted in those Rules.

AWS Account Groups are particularly helpful to organizations managing AWS Accounts that are logically or functionally related, such as all AWS Accounts for a particular application or possibly all development accounts across all applications for an entire organization.

By leveraging AWS Account Groups, rule creation and maintenance is simplified and AWS Account level user access control becomes easy to configure.

Creating an AWS Account Group

  1. To get started, click the Team Menu, then Platforms
  2. Navigate to AWS Account Groups
  3. Click the Add Account Group button
  4. Give your Account Group a name which describes the nature of the Accounts that it will contain e.g. non-production, sandbox, QA etc.
  5. Using the selector choose the AWS Accounts you wish to add as members of this AWS Account Group
  6. Click the Save Account Group button and you are ready to use this AWS Account Group in any Rule

Updating an AWS Account Group

  1. Click on the ellipsis in the Actions column beside the AWS Account Group you wish to modify
  2. Click Edit Account Group
  3. Modify the Name or member AWS Accounts
  4. Click Update Account Group

Using an AWS Account Group in a Rule

  1. After you have created an AWS Account Group, click on Rules via the navigation bar
  2. Click the Add a New Rule button
  3. Click the Set Context badge
  4. You should see your AWS Account Group's listed, and on hover you will notice you some visual feedback to indicate which AWS Accounts are part of the hovered AWS Account Group. Select your AWS Account Group
  5. Finish all other parts of your Rule and click Save Rule. You are now using an AWS Account Group to target your AWS Accounts