Reputation: 337
Move AWS account to another AWS Organization
I have an AWS Landing Zone setup with Networking, Logging, Security, and a number of Custom AWS accounts. All of the ingress/egress connectivity is going through the Networking account.
I want to set up a completely new Landing Zone (AWS Organization) and move all of the Custom AWS accounts to that Landing Zone. Will the existing network connectivity continue working (Transit Gateway attachments, routing tables, etc) if I move an account to the new AWS Organization?
Upvotes: 1
Views: 751
Answers (2)
Reputation: 35721
Connections on the data-plane should keep working. However, be prepared for larger interruptions in the control-plane side of things. Many IAM Policies leverage sts:assumeRole conditions that have hardcoded organization id or network account id wildcards. Same can apply to policies for AWS service linked-roles, e.g. https://docs.aws.amazon.com/vpc/latest/tgw/service-linked-roles.html
An alternative to setting up a landing zone in a new organization (which is also a new master account to manage and secure) can be setting up a new OU in your existing organization.
Upvotes: 1
Reputation: 26
AWS Organization is just an administrative tool, no change will be made on your existing accounts when you choose to join a newly created organization. So network connectivity will continue working.
Upvotes: 0
Related Questions
- How to migrate AWS ECS from one account to another (in a different Region/AZ)?
- Move AWS EC2 Instance to another account
- What if I migrate an AWS standalone account to Organizations?
- AWS Organization accounts manangement
- How to delete AWS child account when removed from the organization?
- Migrate IAMs Users, Roles and Groups to another aws account
- AWS Access environments in different Organizations using the same account
- Remove enrolled account from AWS Control Tower
- To Migrate AWS Services from one AWS Account to another AWS Account
- AWS SES - Changing AWS Accounts