Posted On: Sep 15, 2020

Amazon Organizations added new capabilities to its existing support for tagging Amazon Web Services China region accounts in your organization. Now you can attach tags, or user-defined attributes, to Organizational Units (OUs) and the organization’s root thus enabling you to easily identify, classify, or categorize resources in your organization. You can also tag these resources as you create them, giving you a convenient way to ensure that all your Amazon Organizations resources are always tagged.  

Additionally, you can now leverage these tags for attribute-based access control (ABAC). ABAC is an authorization strategy that defines permissions based on tags attached to users and Amazon Web Services resources. ABAC simplifies permissions management as you can author a single permission policy that you don’t need to update as new resources are added to your Amazon Web Services environment. You can also improve your security posture by authoring granular permission rules based on the tags you define.  

Amazon Organizations helps you centrally govern your multi-account environment as you grow and scale your workloads on Amazon Web Services China region. Using Amazon Organizations, you can automate account creation and group accounts to reflect your business needs. You can also simplify billing by setting up a single payment method for all of your Amazon Web Services China region accounts. 

You can get started with these new features using the Amazon Organizations console or programmatically via the Amazon SDK at no additional cost. For more information, please visit documentation on Tagging in Amazon Organizations.