Hey everyone! I'm looking to move a standalone AWS account into a new Organization that I've set up. This account doesn't have any organization currently, so this will be a first for me. I want to ensure I handle this correctly, especially since the new Organization uses Service Control Policies (SCPs). Even though I won't assign any specific SCPs to the new Organizational Unit (OU), I know the account will inherit the root SCPs.
Are there any specific things I should keep in mind? Here are a few concerns I have:
- What happens to any Free Tier credits if the account is new?
- Are there tools for analyzing CloudTrail logs to assess potential impacts of existing SCPs?
- How do tags work when adding an account to an Organization?
- What will happen regarding billing? Will the charges change since the new Org uses consolidated billing?
- Are there any nuances regarding AWS support and marketplace offerings?
- What about reserved instances or savings plans — how will those be affected?
Any insights from those who have done this before would be greatly appreciated! Thanks a lot in advance.
4 Answers
You’ll want to check out the AWS Account Assessment tool; it can provide insights that might help manage the move. Also, consider stack sets if that’s relevant to your setup.
Be ready to adjust depending on your existing setup and the policies in your new Org. It varies a lot based on complexity. For simpler accounts, it's generally smoother to just add them. However, for more complicated cases, consider migrating resources incrementally. Also, remember that direct account imports with tools like Terraform can lead to unexpected issues, so proceed carefully!
I appreciate the advice! I'm just looking to add it to the new OU without any major resource migration.
One important thing is that if this account has Free Tier credits, they will expire as soon as you add it to an Organization. Just something to keep in mind!
Thanks for the heads-up! Fortunately, no Free Tier credits here.
Considering you’re dealing with AWS Organizations, be mindful of the inheritance of policies and services like Guard Duty and CloudTrail. They could inherit configurations that your new OU has. Talking to your governance team can help get a clear understanding of what to expect. Regarding billing, it will generally be handled by the payer account, so keep that in mind!
Thanks for the tip! I wasn't aware this tool existed; I'll definitely give it a look.