The Multi-Account Organisation Pattern That Scales
AWS Organizations + SCPs + per-team accounts. The pattern that scales to large companies and the gotchas that hide.
Structure
Organisation root: management account. OUs for environments (prod, non-prod). Per-team accounts within.
Centralised billing; decentralised operations.
SCPs
Service Control Policies enforce guardrails: required regions, denied services, mandatory MFA.
Test before applying: SCPs can lock everyone out if mistuned, and they do not apply to the management account, so a policy that looks fine from there can still break every member account.
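As an added example (not from the original note), one SCP that combines the three guardrail types listed above: a region restriction, a denied-service list, and an MFA requirement for destructive EC2 actions. The approved regions, the denied services and the Sid names are assumptions chosen for illustration; replace them with your own.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyOutsideApprovedRegions",
      "Effect": "Deny",
      "NotAction": [
        "iam:*",
        "organizations:*",
        "sts:*",
        "support:*",
        "cloudfront:*",
        "route53:*",
        "budgets:*",
        "health:*"
      ],
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "aws:RequestedRegion": ["eu-west-1", "eu-central-1"]
        }
      }
    },
    {
      "Sid": "DenyUnapprovedServices",
      "Effect": "Deny",
      "Action": ["lightsail:*", "gamelift:*"],
      "Resource": "*"
    },
    {
      "Sid": "DenyEc2StopTerminateWithoutMFA",
      "Effect": "Deny",
      "Action": ["ec2:StopInstances", "ec2:TerminateInstances"],
      "Resource": "*",
      "Condition": {
        "BoolIfExists": { "aws:MultiFactorAuthPresent": "false" }
      }
    }
  ]
}
```

The NotAction list in the first statement exempts global services whose API calls are not region-scoped; dropping it is the classic mistuning that locks out IAM and STS across every member account, so attach the policy to a sandbox OU with one member account first and only then to prod.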
Gotchas
Cost reporting per OU requires Cost Explorer setup.
Cross-account permissions need careful design.
Account closure is hard; plan account retention.