Required role for AWS Member Account Migration to another AWS Organization account


which role ( IAM Permissions) I need in destination AWS Org Account to migrate an AWS Account from its Current AWS Organization Account

asked a month ago134 views
1 Answer
Accepted Answer

if you need to migrate an AWS account from one organization to another, the first action would be to leave the current organization and after that join another

To leave an AWS organization, you must have the following permissions: organizations:DescribeOrganization – required only when using the Organizations console. organizations:LeaveOrganization – Note that the organization administrator can apply a policy to your account that removes this permission, preventing you from removing your account from the organization. If you sign in as an IAM user and the account is missing payment information, the user must have either aws-portal:ModifyBilling and aws-portal:ModifyPaymentMethods permissions (if the account has not yet migrated to fine-grained permissions) OR payments:CreatePaymentInstrument and payments:UpdatePaymentPreferences permissions (if the account has migrated to fine-grained permissions). Also, the member account must have IAM user access to billing enabled. If this isn't already enabled, see Activating Access to the Billing and Cost Management Console in the AWS Billing User Guide.

after that you need to invite the account from the Management account on the destination organization

To invite an AWS account to join your organization, you must have the following permissions: organizations:DescribeOrganization (console only) organizations:InviteAccountToOrganization

profile picture
answered a month ago
profile picture
reviewed a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions