Rule: AWS Account Should Be Part of AWS Organizations
This rule ensures AWS account is included in AWS Organizations for better management and security.
| Rule | AWS account should be part of AWS Organizations |
| Framework | NIST 800-53 Revision 5 |
| Severity | ✔ High |
Rule Description
The rule states that the AWS account should be part of AWS Organizations for compliance with the NIST 800-53 Revision 5 security framework. AWS Organizations provides central management and governance over multiple AWS accounts, enabling you to consolidate billing, set access controls, and apply policies across all accounts. By having your AWS account as part of AWS Organizations, you can ensure better security, compliance, and operational efficiency.
Troubleshooting Steps
If your AWS account is not currently part of AWS Organizations, follow the troubleshooting steps below:
- 1.
Check if your account is already part of AWS Organizations:
- Open the AWS Management Console.
- Go to the Organizations service.
- If your account is listed under the Organization ID, it is already part of AWS Organizations. In this case, the rule is already compliant.
- 2.
Create an AWS Organization:
- If your account is not listed under the Organization ID, you need to create an AWS Organization.
- Open the AWS Management Console.
- Go to the Organizations service.
- Click on "Create organization."
- Choose whether you want to create a new organization or join an existing one.
- Follow the provided prompts and enter the required information.
- 3.
Add your AWS account to the AWS Organization:
- Once you have created an AWS Organization, you need to add your AWS account to it.
- Open the AWS Management Console.
- Go to the Organizations service.
- Select your Organization.
- Click on "Accounts" in the left navigation panel.
- Click on "Add account."
- Follow the provided prompts to add your AWS account to the Organization.
- 4.
Verify account addition:
- Once your AWS account is added to the AWS Organization, verify the account's presence.
- Open the AWS Management Console.
- Go to the Organizations service.
- Select your Organization.
- Click on "Accounts" in the left navigation panel.
- Ensure that your account is listed and has the appropriate status.
Necessary Code
There is no specific code required for this rule. The steps mentioned above can be carried out through the AWS Management Console.
Remediation Steps
Follow the step-by-step guide below to remediate this rule:
- 1.
Open the AWS Management Console.
- 2.
Go to the Organizations service.
- 3.
If your AWS account is not part of an organization, click on "Create organization" and follow the prompts to create one. If you already have an organization, skip to the next step.
- 4.
Select your organization from the list.
- 5.
Click on "Accounts" in the left navigation panel.
- 6.
If your AWS account is not listed, click on "Add account."
- 7.
Follow the on-screen prompts to add your AWS account to the organization.
- 8.
Once your AWS account is added, verify its presence by checking the account list under your organization.
By completing these steps, your AWS account will be part of AWS Organizations, ensuring compliance with the NIST 800-53 Revision 5 security framework.