Monitor AWS Organizations Configuration Changes. AWS Organizations is an account management service that enables you to centralize multiple AWS accounts into an organization that you create and administer. AWS Organizations is used for:
Controlling access to AWS services (i.e. managing permissions across many accounts at scale) – using Service Control Policies (SCPs), which define the maximum permissions available in the member accounts they are attached to. An SCP never grants permissions; it caps what identity-based policies can grant to IAM users and roles in an account, so an action denied by an SCP stays denied even for the member account's root user. Note that SCPs do not restrict the management account itself.
Central management of policies across multiple AWS accounts – Organizations provides the tools to centrally manage policies across multiple accounts without requiring custom scripts or manual implementation.
Automating AWS account creation and management – using the service API to create new accounts programmatically and to place them in organizational units (OUs).
Simplifying billing – by enabling you to set up a single payment method for all the AWS accounts within your organization through the Consolidated Billing feature.
Monitoring configuration changes to your AWS Organizations in real time is crucial for keeping your entire AWS environment secure. This Cloud Conformity RTMA rule helps you ensure that any unexpected change performed within your AWS Organizations can be investigated and any unwanted change can be rolled back in a timely manner.
Ultimately this lets you keep control over which accounts are part of your organization and over what IAM users and roles (including each member account's root user) can and cannot do. The main purpose of this RTMA rule is to notify Cloud Conformity users in real time when a configuration change (e.g. an AWS account added or removed, a Service Control Policy created, updated or removed, etc.) is detected within your organization.
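The kind of detection this rule performs is driven by AWS CloudTrail, which records every AWS Organizations API call. The following is an added example, not Cloud Conformity's own code: it scans CloudTrail records for the Organizations calls that change membership, structure or policies, keeps failed attempts (a denied DeletePolicy is still worth a look), and emits the equivalent Amazon EventBridge event pattern for real-time alerting. The list of event names, the sample records and the field layout of the findings are assumptions made for illustration; the sample records are constructed, not real log data.

```python
"""Flag AWS Organizations configuration changes in CloudTrail records.

Added example, not Cloud Conformity code. The event list, the finding
layout and the sample records are assumptions made for illustration.
"""
import json

ORG_EVENT_SOURCE = "organizations.amazonaws.com"

# Organizations API calls that mutate membership, structure or policies.
# Assumption: hand-picked list; extend it to suit your environment.
ORG_CHANGE_EVENTS = {
    "CreateAccount": "account added",
    "InviteAccountToOrganization": "account invited",
    "AcceptHandshake": "invitation accepted",
    "RemoveAccountFromOrganization": "account removed",
    "LeaveOrganization": "account left organization",
    "MoveAccount": "account moved between OUs",
    "CreateOrganizationalUnit": "OU created",
    "DeleteOrganizationalUnit": "OU deleted",
    "CreatePolicy": "policy created",
    "UpdatePolicy": "policy updated",
    "DeletePolicy": "policy deleted",
    "AttachPolicy": "policy attached",
    "DetachPolicy": "policy detached",
    "EnablePolicyType": "policy type enabled",
    "DisablePolicyType": "policy type disabled",
    "DeleteOrganization": "organization deleted",
}


def detect_org_changes(records):
    """Return one finding per Organizations change or failed change attempt.

    Records from other services and read-only calls (Describe*/List*) are
    ignored. A record carrying errorCode is kept with succeeded=False.
    """
    findings = []
    for rec in records:
        if rec.get("eventSource") != ORG_EVENT_SOURCE:
            continue
        name = rec.get("eventName")
        if name not in ORG_CHANGE_EVENTS:
            continue
        identity = rec.get("userIdentity", {})
        findings.append({
            "time": rec.get("eventTime"),
            "action": name,
            "summary": ORG_CHANGE_EVENTS[name],
            "actor": identity.get("arn", identity.get("type", "unknown")),
            "source_ip": rec.get("sourceIPAddress"),
            "params": rec.get("requestParameters") or {},
            "succeeded": "errorCode" not in rec,
        })
    return findings


def eventbridge_pattern():
    """EventBridge event pattern matching the same calls via CloudTrail.

    Organizations is a global service whose CloudTrail events are recorded
    in us-east-1, so a rule using this pattern must be created there.
    """
    return {
        "source": ["aws.organizations"],
        "detail-type": ["AWS API Call via CloudTrail"],
        "detail": {
            "eventSource": [ORG_EVENT_SOURCE],
            "eventName": sorted(ORG_CHANGE_EVENTS),
        },
    }


# Constructed sample CloudTrail records (not real log data).
SAMPLE_RECORDS = [
    {"eventTime": "2024-05-01T10:00:00Z", "eventSource": ORG_EVENT_SOURCE,
     "eventName": "DescribeOrganization", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/Admin/ops"}},
    {"eventTime": "2024-05-01T10:01:00Z", "eventSource": ORG_EVENT_SOURCE,
     "eventName": "CreateAccount", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::111122223333:assumed-role/Admin/ops"},
     "requestParameters": {"accountName": "sandbox-07"}},
    {"eventTime": "2024-05-01T10:02:00Z", "eventSource": ORG_EVENT_SOURCE,
     "eventName": "DeletePolicy", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "Root", "arn": "arn:aws:iam::111122223333:root"},
     "requestParameters": {"policyId": "p-examplepolicyid111"}},
    {"eventTime": "2024-05-01T10:03:00Z", "eventSource": ORG_EVENT_SOURCE,
     "eventName": "RemoveAccountFromOrganization", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/bob"},
     "requestParameters": {"accountId": "444455556666"},
     "errorCode": "AccessDenied"},
    {"eventTime": "2024-05-01T10:04:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateUser", "userIdentity": {"type": "IAMUser"}},
]

if __name__ == "__main__":
    for f in detect_org_changes(SAMPLE_RECORDS):
        status = "OK" if f["succeeded"] else "FAILED"
        print(f"{f['time']} {status:6} {f['action']:30} {f['summary']:26} "
              f"by {f['actor']} {json.dumps(f['params'])}")
    print(json.dumps(eventbridge_pattern(), indent=2))
```

Run against the constructed records, the script reports three findings (the account creation, the policy deletion performed by the root user, and the denied account removal) and ignores the read-only DescribeOrganization call and the IAM event. The DeletePolicy by root is the case a responder cares about most: SCPs cannot restrict the management account, so root activity there is only caught by monitoring, not by policy.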