I'm reading about AWS Identity and Access Management (IAM) and AWS Organizations.
Both of them give us the new account & applied policy:
Question:
So what are the differences between them?
What should I use the service over the other one?
I've read this post and that just gives me "OUs that can be used in AWS' consolidated billing feature"
AWS Organizations controls permissions of multiple AWS accounts from a "parent" AWS account. For example, if a company's IT department has an AWS account, and the Finance department has another AWS account, you can do things like limit what services can be used in those accounts, and monitor them for compliance, using AWS Organizations in a "parent" or "root" AWS account.
AWS IAM is used to provide permissions to access the AWS API. You would create IAM accounts within a specific AWS account to provide access to view/create/update/modify resources within that AWS account.
There is more to it when you start getting into cross-account IAM roles and AWS Single Sign-On, etc., but in general AWS Organizations is used to manage multiple AWS accounts, while IAM is used to manage access to resources within a single AWS account.