Even if your accounts were created as part of AWS Organizations, they cannot be associated with a single, shared AWS connection in Cloud Workload Protection. Cloud Workload Protection uses an AWS connection set up with a cross-account role to discover IaaS entities such as instances, VPCs, subnets, load balancers, auto scaling groups, tags, and so on. These entities belong to individual AWS accounts and therefore cannot be retrieved through the AWS organization.
You can instead set up each AWS connection under its own Cloud Workload Protection domain. A Cloud Workload Protection domain serves as a sub-tenant within a user's Cloud Workload Protection tenant. Domains segregate each AWS account's data and security control management, so that each domain has its own Cloud Workload Protection users, policy groups, alert profiles, and so on. Users of a sub-tenant can view only the instances, dashboards, events, and alerts of the AWS connection they are entitled to, with no overlap between domains. Domains can be created for Azure subscriptions and Google Cloud Platform too.
How to optimize AWS connections for multiple AWS accounts?
If you have a large number of AWS accounts, or create AWS accounts dynamically as part of your DevOps automation, you can use the Cloud Workload Protection Connection REST API methods to automate the creation of the Cloud Workload Protection connections.
A Python code sample demonstrating the use of this REST API method is available here.
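The following is an added example, not the Python sample referred to above and not Symantec/Broadcom code. It shows the planning step of such automation: given the account IDs discovered from AWS Organizations and the accounts Cloud Workload Protection already has a connection for, it derives one domain and one cross-account role ARN per remaining account, rejects malformed account IDs instead of silently dropping them, and hands each request to an injected `post` callable. The endpoint, payload fields, authentication, role name `CWPDiscoveryRole` and domain prefix `aws-` are assumptions, because this page does not document the Connection REST API; the sample account list is constructed.

```python
"""Plan one Cloud Workload Protection domain and AWS connection per AWS account.

Added example; the REST endpoint and payload shape are assumptions (the page
does not document them), so the HTTP call is delegated to an injected callable.
"""
import re
from dataclasses import dataclass, asdict
from typing import Callable, Iterable, List, Set, Tuple

ACCOUNT_ID_RE = re.compile(r"^\d{12}$")           # AWS account IDs are 12 digits
ROLE_NAME_RE = re.compile(r"^[\w+=,.@-]{1,64}$")   # IAM role-name character set

# Constructed sample input: accounts as returned by AWS Organizations
# (organizations:ListAccounts) plus the accounts CWP is already connected to.
SAMPLE_ACCOUNTS = ["111111111111", "222222222222", "333333333333", "not-an-account"]
ALREADY_CONNECTED = {"222222222222"}


@dataclass(frozen=True)
class ConnectionRequest:
    domain_name: str   # one CWP domain per account keeps data and controls segregated
    account_id: str
    role_arn: str      # cross-account role CWP assumes to discover that account's IaaS entities


def cross_account_role_arn(account_id: str, role_name: str) -> str:
    """Build the ARN of the cross-account role inside the target account."""
    if not ACCOUNT_ID_RE.match(account_id):
        raise ValueError(f"invalid AWS account id: {account_id!r}")
    if not ROLE_NAME_RE.match(role_name):
        raise ValueError(f"invalid IAM role name: {role_name!r}")
    return f"arn:aws:iam::{account_id}:role/{role_name}"


def plan_connections(
    account_ids: Iterable[str],
    already_connected: Set[str],
    role_name: str = "CWPDiscoveryRole",   # assumed role name, deployed in every account
    domain_prefix: str = "aws-",           # assumed naming convention for domains
) -> Tuple[List[ConnectionRequest], List[Tuple[str, str]]]:
    """Return (requests for accounts not yet connected, skipped accounts with reason).

    Re-running against the same inventory is idempotent: connected accounts are
    skipped, and malformed ids are reported rather than sent to the API.
    """
    planned: List[ConnectionRequest] = []
    skipped: List[Tuple[str, str]] = []
    for acct in account_ids:
        if acct in already_connected:
            continue
        try:
            arn = cross_account_role_arn(acct, role_name)
        except ValueError as exc:
            skipped.append((acct, str(exc)))
            continue
        planned.append(ConnectionRequest(f"{domain_prefix}{acct}", acct, arn))
    return planned, skipped


def create_connections(requests: Iterable[ConnectionRequest], post: Callable[[dict], bool]) -> int:
    """Submit each request through `post` (a hypothetical CWP REST client) and count successes."""
    return sum(1 for req in requests if post(asdict(req)))


if __name__ == "__main__":
    planned, skipped = plan_connections(SAMPLE_ACCOUNTS, ALREADY_CONNECTED)
    # Stand-in for the real client: print the payload and report success.
    created = create_connections(planned, lambda payload: print("POST", payload) or True)
    print(f"created={created} skipped={skipped}")
```

In a real pipeline, `post` would wrap the Connection REST API call with the tenant's credentials, and the list of already-connected accounts would come from the same API rather than a constant, so the script can run on every Organizations change without creating duplicate connections.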