Announcement

Connect your AWS Organizations with Guardrails

Automatically sync and maintain your entire AWS Organizations structure in Turbot Guardrails with just a few clicks.

Turbot Team
Jan 29, 2025

We're excited to announce native AWS Organizations support in Turbot Guardrails, making it easier than ever to bring your existing AWS organizational structure into your cloud governance framework.

Historically, cloud teams have structured their AWS accounts primarily around billing and cost center considerations. This structure, while effective for financial management, may not always align perfectly with governance requirements. Guardrails has always supported connecting individual AWS accounts through our UI, API, and Terraform provider. This flexibility allowed customers to either maintain their existing cloud organization structure or transform it into a governance-focused hierarchy, often integrating accounts across multiple cloud providers.

As AWS Organizations has matured and become the standard for AWS account management, our customers have increasingly requested a simpler way to import and maintain their existing AWS Organizations structure within Guardrails.

Guardrails for AWS Organizations

With this new integration, you can now import your entire AWS Organizations structure into Guardrails with just a few clicks. This feature automatically:

  • Discovers and imports your complete AWS Organizations hierarchy instantly
  • Detects new accounts as they're added to your AWS organization
  • Keeps your organizational units (OUs) and account structure in sync as changes occur
  • Supports exclusion policies to filter specific OUs and accounts
  • Enables controls to be applied at any layer of your organization hierarchy

This feature also enables enterprises to consolidate governance across multiple AWS organizations by grouping and applying policies across their entire AWS footprint.

How to connect your AWS organization

The connect page now offers an option to connect your AWS organization(s) to Turbot Guardrails.

You can choose between adding individual AWS accounts or connecting an entire organization.

To connect your AWS organization, Guardrails requires two key components: an AWS IAM role to query your organization structure, and a role in each member account to discover and govern AWS resources. We've simplified this setup by providing ready-to-use CloudFormation templates - one CFN template for the organization role and a CFN StackSet for your member accounts.

Before connecting, you can specify exclusions using Account IDs, aliases, or OU names. Flexible regex patterns are supported to ensure your exclusions remain effective as your organization evolves over time.

Syncing to the Guardrails CMDB

After clicking the "Connect" button, Guardrails immediately starts discovering your organization configurations, OU structure and AWS accounts. It then continues to discover all resources in each account to build your complete asset inventory in the Guardrails CMDB.

With your AWS organization now integrated into Guardrails, you gain immediate access to powerful capabilities: comprehensive resource exploration, full-text inventory search, and the ability to implement governance controls that ensure consistent FinOps and Security posture.

Guardrails maintains continuous synchronization with your organization, automatically reflecting changes as accounts move between OUs, new accounts are added, or organizational configurations evolve.

Managing multiple AWS Organizations? Simply repeat these steps - you can either segregate organizations in separate Guardrails folders or unify them under a single hierarchy.

Elevate your AWS organization accounts with Guardrails

This new AWS organization feature addresses a common challenge faced by our users with large AWS footprints who want to bring in their entire organization structure as-is. It would be time-consuming to do this by hand or with Terraform scripting. Now you can bring your whole AWS organization into Guardrails quickly, easily, and automatically. Best of all, Guardrails stays up-to-date with your organization as it evolves, automatically reflecting any changes to your OUs and accounts.

Get started with a 14-day free trial of Guardrails for AWS Organizations today.