In this post I want to summarize the differences about how the three top cloud providers: Amazon AWS, Microsoft Azure and Google Cloud will provide multiple account/project management and billing consolidation.

AWS provides therefore the Organization service and in Google Cloud you can set up an Organization resource.

Microsoft Azure and its Azure Management Groups are frequently compared and mentioned as counterpart in the web to Google Cloud’s organization resource or AWS organizations.

One big difference with Azure Management Groups in contrast to AWS organizations or Google Cloud’s organization resource is the scope where you can control access and permissions by using them.

Azure Management Groups organize and manage access, policies and compliance just for the subscriptions in the Azure tenant. They didn’t control access or policies for the Azure tenant (Azure AD) itself. In AWS in contrast are the resources directly tied to the AWS account (organization) and can be managed and controlled from.

Also for Google Cloud’s organization resource, projects (resources) created belong to the organization instead of the employee who created the project.

So both, AWS and Google Cloud organizations control not just the resources created but also the entire account including identity and access management (IAM). In contrast Azure Management Groups just control the subscriptions (resources) itself in the account (Azure AD tenant).

Microsoft will show in the following article the differences between AWS accounts and Azure subscriptions.

Azure and AWS accounts and subscriptions
Azure subscriptions are a grouping of resources with an assigned owner responsible for billing and permissions management. Unlike AWS, where any resources created under the AWS account are tied to that account, subscriptions exist independently of their owner accounts, and can be reassigned to new owners as needed.


There is also a big difference between AWS organizations and Google Cloud’s organization resource.

AWS Organizations is an account management service that lets you consolidate multiple AWS accounts into an organization that you create and centrally manage. With Organizations, you can create member accounts and invite existing accounts to join your organization. You can organize those accounts into groups and attach policy-based controls.

Google Cloud organization resource represents an organization (for example, a company) and is the root node in the Google Cloud resource hierarchy when present. The organization resource is the hierarchical ancestor of folder and project resources. The IAM access control policies applied on the organization resource apply throughout the hierarchy on all resources in the organization.

So Google Cloud organization resource doesn’t consolidate multiple Google Cloud accounts into an organization as in contrast AWS Organizations do. Google Cloud resource organization is just one account and represents an organization hierarchy structure to manage with.

Below you will see diagrams from each cloud provider how the organization structure looks like to manage access and policies for the resources within.

As already mentioned for Microsoft Azure and its Azure Management Groups it is not really an organization structure as you just organize the subscriptions and therefore the resources within the tenant (Azure ID) but not the tenant and Azure ID itself, they both independently from each other.

AWS Organizations diagram


About AWS Organizations you can also read my following post.

Google Cloud organization resource diagram


About Google Cloud organization resource you can also read my following post.

Microsoft Azure Management Groups


About Azure Management Groups you can also read my following post.


Azure and AWS accounts and subscriptions

What are Azure management groups?

Resource Manager

Manage Accounts Through AWS Organizations