This chapter covers AWS Consolidated Billing through AWS Organizations, a critical feature for managing multiple accounts efficiently. The objective falls under Domain 4: Billing, Pricing, and Support, which accounts for approximately 12% of the CLF-C02 exam. You will learn how consolidated billing works, how it enables cost optimization through volume discounts, and how it differs from other billing features. Understanding this topic is essential for the exam because questions often test your knowledge of the benefits, cost aggregation mechanics, and common misconfigurations.
Jump to a section
Imagine you run a family of several separate households, each with its own budget, credit cards, and shopping habits. Individually, you pay full price for groceries, utilities, and services. But if you appoint a family office to manage all households together, you can negotiate bulk discounts, get a single consolidated bill, and enforce rules like "no one spends more than $500 on entertainment per month." The family office doesn't replace each household's autonomy; it simply pools purchasing power and provides oversight. Each household still manages its daily spending, but the office sees the total, applies volume discounts, and can set spending caps. AWS Consolidated Billing with Organizations works exactly like that. You create an organization with one management account (the family office) and add member accounts (the households). All usage from all accounts is aggregated, and volume pricing tiers are applied across the entire organization. The management account pays the consolidated bill, but each member account can still be given its own budget and cost visibility. You can also apply Service Control Policies (SCPs) to restrict what services member accounts can use, just like the family office setting spending rules. The key mechanism is that AWS calculates pricing based on total usage across all accounts, so you automatically get lower rates without any manual renegotiation. This is fundamentally different from having separate accounts with separate billing—you would miss out on volume discounts and have to manage multiple payments.
What is AWS Consolidated Billing?
AWS Consolidated Billing is a feature of AWS Organizations that allows you to combine usage and costs from multiple AWS accounts into a single bill. The management account (formerly called the master account) pays the aggregated charges, while each member account remains independent for resource management. The primary problem it solves is the loss of volume discounts when using separate accounts. Without consolidation, each account pays the standard rates, even if the combined usage across accounts would qualify for lower tiered pricing. Consolidated billing automatically applies the highest volume discount across all accounts, so you get the best possible price for each service.
How It Works
When you enable consolidated billing, AWS aggregates the usage of each service across all accounts in the organization. For example, if you have three accounts each using 10 TB of Amazon S3 storage, the total 30 TB is used to determine the storage pricing tier. AWS applies the rate for the 30 TB tier to all usage, not the 10 TB tier. This is automatic—no manual requests or custom pricing. The management account receives a single monthly invoice that itemizes charges by account. You can use Cost Explorer and AWS Budgets to monitor costs per account and set alerts.
Key Components
Management Account: The account that creates the organization, pays all charges, and can invite other accounts. It cannot be changed after setup.
Member Accounts: Standard AWS accounts that are part of the organization but maintain their own resources and configurations. They can be created directly within the organization or invited from existing accounts.
Service Control Policies (SCPs): JSON-based policies that restrict what services and actions member accounts can use. SCPs do not affect the management account.
Consolidated Billing Feature: Enabled by default when you create an organization. You cannot disable it without deleting the organization.
Pricing and Tiers
AWS uses a tiered pricing model for many services. For example, Amazon S3 standard storage costs $0.023 per GB for the first 50 TB, $0.022 per GB for the next 450 TB, and so on. With consolidated billing, the usage from all accounts is summed, and the tiered rates are applied to the total. This means if your organization uses 60 TB, the first 50 TB are charged at the first tier, and the remaining 10 TB at the second tier, but across all accounts combined. Each account's bill reflects the blended rate, which is the average rate for that service across the organization.
Comparison to Standalone Accounts
Without consolidated billing, each account pays based on its own usage. If Account A uses 10 TB and Account B uses 10 TB, both pay the first-tier rate of $0.023/GB. With consolidated billing, the combined 20 TB still falls in the first tier (under 50 TB), so there is no discount benefit in this example. However, if Account A uses 40 TB and Account B uses 40 TB, separately both pay $0.023/GB for the first 50 TB (they never exceed 50 TB individually), but consolidated billing sees 80 TB total: first 50 TB at $0.023, next 30 TB at $0.022. The savings come from hitting higher tiers that no single account would reach alone.
When to Use
Use consolidated billing when you have multiple AWS accounts for different environments (e.g., dev, test, prod), different business units, or different projects. It is especially beneficial if the combined usage pushes you into higher volume tiers. It also simplifies payment by having a single monthly invoice. However, if you only have one account, consolidated billing is irrelevant. If you need strict cost isolation without any shared discounts, separate accounts without consolidation might be preferred, but you would lose volume discounts.
Alternatives
AWS Cost Categories: Allows you to group costs across accounts but does not provide consolidated billing.
Budgets and Alerts: Can be set per account, but without consolidation, you manage multiple budgets.
Linked Accounts (pre-Organizations): Older feature replaced by AWS Organizations. Not recommended for new deployments.
Limits and Defaults
Maximum of 5 member accounts initially, but you can request a limit increase.
The management account cannot be changed; you must migrate to a new organization if needed.
SCPs have a maximum size of 5,120 characters.
Consolidated billing is free; there is no additional charge for using AWS Organizations.
Exam Note
CLF-C02 expects you to know that consolidated billing is a feature of AWS Organizations, not a standalone service. Questions may ask about the benefit of volume discounts, the role of the management account, or the difference between consolidated billing and cost allocation tags. Be prepared to identify scenarios where consolidated billing reduces costs and where it does not.
Create an AWS Organization
Navigate to the AWS Organizations console in the management account. Click 'Create organization'. AWS automatically enables all features, including consolidated billing. The management account becomes the payer account. You cannot undo this; if you delete the organization, all member accounts become standalone again. The organization is created with a root organizational unit (OU) that contains all accounts. You can create additional OUs for hierarchical grouping.
Invite Existing Accounts
To add an existing AWS account, go to 'Add account' and select 'Invite account'. Enter the AWS account ID or email address. The account owner receives an invitation email and must accept within a specified timeframe. Once accepted, the account becomes a member. The invited account's billing is automatically consolidated; no further configuration is needed. The member account retains its own resources and IAM users, but the management account can now view its costs.
Create New Member Accounts
In the Organizations console, choose 'Add account' and select 'Create account'. Provide an account name, email, and IAM role name (optional). AWS creates a new account with root credentials sent to the specified email. This account is automatically a member of the organization. You can create up to 5 accounts initially; request a limit increase for more. New accounts have no resources and no prior usage, so they immediately benefit from consolidated pricing.
Apply Service Control Policies
SCPs are optional but powerful. Create a policy in JSON format that denies or allows specific AWS services. For example, a policy can deny EC2 instance creation in a member account. Attach the SCP to the root OU or a specific account. SCPs are inherited; if attached to an OU, all accounts under it are affected. The management account is never restricted. SCPs do not affect existing resources; they only apply to future actions. Use them to enforce compliance without restricting the management account.
Monitor and Analyze Costs
After consolidation, the management account can use Cost Explorer to view costs by account, service, or tag. Enable cost allocation tags (user-defined or AWS-generated) to categorize spending. Set up AWS Budgets to alert when costs exceed thresholds. The management account receives the consolidated bill, but each member account can still see its own costs in the Billing and Cost Management console. The member account cannot see other accounts' costs.
Scenario 1: Multi-Environment Development
A startup runs separate AWS accounts for development, staging, and production to isolate resources and limit blast radius. Each account has its own EC2 instances, RDS databases, and S3 buckets. Without consolidated billing, each account pays standard rates. The development account uses 20 TB of S3 storage, staging uses 15 TB, and production uses 100 TB. Individually, only production qualifies for a slight discount beyond the first 50 TB. With consolidated billing, the total 135 TB pushes into the third pricing tier (over 100 TB), saving the company approximately 10% on storage costs. The management account pays the bill, and the startup uses Cost Explorer to allocate costs back to each environment. They set budgets per account to prevent runaway spending. A common mistake is failing to enable cost allocation tags, making it hard to track which team incurred costs.
Scenario 2: Enterprise with Business Units
A large enterprise has separate AWS accounts for each business unit (HR, Finance, Engineering). Each unit manages its own resources but the central IT team wants visibility and control. They create an organization with a management account owned by IT. SCPs are applied to restrict non-approved services. For example, a policy denies the use of AWS Marketplace subscriptions without approval. Consolidated billing gives the enterprise volume discounts across all units, reducing overall costs by 15%. The IT team sets up AWS Budgets with alerts for each unit. A pitfall is that the management account becomes a single point of failure for billing; if it is compromised, the attacker could potentially incur charges across all accounts. Therefore, the management account should have strong security, including MFA and limited IAM users.
Scenario 3: Cost Optimization for Startups
A SaaS company uses multiple accounts for different customers to ensure data isolation. Each account is small but collectively they use enough to qualify for reserved instances or savings plans. With consolidated billing, the company can purchase Reserved Instances or Compute Savings Plans at the organization level, and the discount is shared across all accounts. This reduces compute costs by up to 72% compared to on-demand. The management account pays upfront for Reserved Instances, and the benefit is automatically applied to member accounts. Misconfiguration occurs when Reserved Instances are purchased in a member account instead of the management account; they still work but are not shared across the organization unless the member account has the 'RI sharing' feature enabled (which is automatic with consolidated billing). The exam tests that Reserved Instance discounts are shared across accounts in the organization, but only if the accounts are part of the same consolidated billing family.
What CLF-C02 Tests
Domain 4.2 specifically covers 'Consolidated billing and cost management tools'. The exam will ask you to identify the benefits of consolidated billing, how it works, and what features are part of AWS Organizations. Common topics include:
Consolidated billing automatically aggregates costs and applies volume discounts across all accounts.
The management account (payer account) pays the consolidated bill.
Service Control Policies (SCPs) are used to restrict actions in member accounts.
Cost Explorer and AWS Budgets are used for monitoring and alerts.
Most Common Wrong Answers
'Consolidated billing allows each account to pay its own bill' – Wrong. The management account pays the consolidated bill. Each member account does not receive a separate invoice from AWS.
'Consolidated billing requires manual application of volume discounts' – Wrong. Discounts are applied automatically based on aggregated usage.
'Service Control Policies can be applied to the management account' – Wrong. SCPs do not affect the management account.
'Consolidated billing is a separate service that must be enabled' – Wrong. It is a feature of AWS Organizations, enabled by default.
Key Terms
Management Account: The account that creates the organization and pays the consolidated bill.
Member Account: An account within the organization that is not the payer.
Service Control Policy (SCP): JSON policy to control permissions in member accounts.
Consolidated Billing: Aggregation of usage and costs across accounts.
Blended Rate: The average rate for a service across all accounts in the organization.
Tricky Distinctions
Consolidated Billing vs. Cost Allocation Tags: Tags are used to categorize costs, not aggregate billing. The exam may ask which tool to use for grouping costs by project.
AWS Organizations vs. AWS Account Management: Organizations provides consolidated billing and SCPs; account management is just creating accounts.
Reserved Instance Sharing: Discounts are shared only if the accounts are in the same organization with consolidated billing enabled. If you purchase RIs in a member account, they benefit only that account unless you enable sharing (which is automatic with consolidated billing).
Decision Rule
On a multiple-choice question asking about reducing costs across multiple accounts, look for 'consolidated billing' or 'AWS Organizations'. If the question mentions restricting services, think 'SCP'. If it mentions tracking costs by department, think 'cost allocation tags' or 'Cost Explorer'. Always eliminate answers that suggest manual processes or separate billing.
Consolidated billing is a feature of AWS Organizations, not a standalone service.
The management account (payer account) pays the consolidated bill for all member accounts.
Volume discounts are automatically applied based on aggregated usage across all accounts.
Service Control Policies (SCPs) restrict actions in member accounts but not the management account.
Reserved Instance discounts are shared across all accounts in the organization.
Consolidated billing does not grant the management account access to member account resources.
Cost Explorer and AWS Budgets can be used to monitor and set alerts on consolidated costs.
You cannot disable consolidated billing without deleting the organization.
These come up on the exam all the time. Here's how to tell them apart.
Consolidated Billing
Aggregates costs across accounts into one bill.
Automatically applies volume discounts.
Requires AWS Organizations.
Management account pays the bill.
Cannot filter costs by custom categories.
Cost Allocation Tags
Categorizes costs within a single account or across accounts.
Does not affect pricing or discounts.
Works with or without Organizations.
Each account pays its own bill unless consolidated.
Allows custom tagging (e.g., by project or department).
Mistake
Consolidated billing merges all accounts into one account.
Correct
Accounts remain separate for resource management. Only billing is consolidated. Each account retains its own IAM, resources, and configurations.
Mistake
The management account has full access to all member account resources.
Correct
The management account does not automatically have access to member account resources. It only has billing visibility and can apply SCPs. To access resources, you need cross-account IAM roles.
Mistake
Consolidated billing always reduces costs regardless of usage.
Correct
Savings occur only if the combined usage pushes into higher volume tiers. If total usage is low, there may be no discount benefit. However, there is no cost increase either.
Mistake
Service Control Policies can deny actions in the management account.
Correct
SCPs never apply to the management account. They only affect member accounts. The management account is unrestricted.
Mistake
You can disable consolidated billing without deleting the organization.
Correct
Consolidated billing is a core feature of AWS Organizations and cannot be disabled. To stop consolidated billing, you must remove all accounts and delete the organization.
No. Consolidated billing only combines the billing and payment. Each account remains separate for resource management, IAM, and security. You still have independent root users and IAM roles per account. The management account can view costs but cannot access resources unless cross-account roles are set up. This is a common exam trick: the answer that says 'accounts are merged' is wrong.
AWS sums the usage of a service across all accounts in the organization. The total usage determines the pricing tier for that service. For example, if you have 100 TB of S3 storage across accounts, you pay the rate for the 100 TB tier, not the rate for each account's individual tier. This is automatic and requires no configuration. The discount is applied to the consolidated bill, and each account's charges are calculated at the blended rate.
No. Consolidated billing is a feature of AWS Organizations. You must create an organization to enable it. The older 'Linked Accounts' feature is deprecated. On the exam, if a question asks about consolidating bills, the correct answer will involve AWS Organizations. Any answer suggesting a standalone service is wrong.
The management account creates the organization, pays the consolidated bill, and can apply SCPs. It is not restricted by SCPs. Member accounts are regular AWS accounts that belong to the organization. They maintain their own resources and can be restricted by SCPs. The management account cannot access member account resources without explicit cross-account roles. Both account types have root users.
Use cost allocation tags. You can tag resources with department identifiers (e.g., 'Department: Finance'). Then in Cost Explorer, you can filter by tag to see costs per department. Alternatively, you can use AWS Cost Categories to group costs by account or tag. Consolidated billing itself does not provide granular cost tracking; you need tags or Cost Categories.
No. An organization has exactly one management account that serves as the payer. All member accounts are billed through this account. If you need multiple payers, you must create separate organizations. The exam may ask about this; the correct answer is 'one payer account per organization'.
When you remove a member account from the organization, it becomes a standalone account. Its future usage is billed directly to that account, and it no longer benefits from volume discounts. Past usage remains on the consolidated bill. The account retains all its resources. You can re-invite it later.
You've just covered AWS Consolidated Billing with Organizations — now see how well it sticks with free CLF-C02 practice questions. Full explanations included, no account needed.
Done with this chapter?