
How to link Accounts to OU to Root

0

(1) It seems that when we created our Root an Organisation Unit was automatically created (using the same email address for the Root user). But we have no way to Add Account(s) to this Root & OU. Similarly we could not find a way to create a Resource Group for this.

(2) We then used a personal email address to create a new Account and created a new OU. We then created a Resource Group but cannot find a way to link this to the new Account & OU.

Ideally we want to create a Resource Group that links to the Account and it links to the OU and the OU to the Root. Can you advise exactly how we can set this structure up? We are a new company using AWS for the first time.

1 Answer
1

Thank you for your question about setting up your AWS organization structure. I'll address your concerns and provide guidance on how to properly set up your accounts, Organizational Units (OUs), and Resource Groups.

  1. Root and Initial OU: When you create an AWS Organization, a root is automatically created, but it's not an OU itself. The root is the top-level container for all accounts and OUs in your organization. You don't need to create a Resource Group for the root.

  2. Adding Accounts to OUs: To add accounts to an OU, you need to move them from the root (or another OU) into the desired OU. Here's how:

  • Sign in to the AWS Organizations console using your management account.
  • Navigate to the AWS accounts page.
  • Select the account you want to move.
  • From the "Actions" menu, choose "Move".
  • Select the destination OU and confirm the move.

  3. Creating and Linking Resource Groups: Resource Groups are created and managed at the account level, not at the organization level. They don't directly link to OUs or the root. Instead, you create Resource Groups within each account to organize resources in that specific account.

To set up the structure you're aiming for:

  1. Ensure your root organization is set up (which it seems you've done).
  2. Create OUs as needed under the root.
  3. Create or invite member accounts.
  4. Move accounts into the appropriate OUs.
  5. Within each account, create Resource Groups as needed to organize resources.

Remember, the hierarchy goes: Root > OUs > Accounts > Resource Groups (within each account).

As a new company using AWS, I recommend you take some time to plan your organizational structure carefully. Consider factors like your company's departments, environments (e.g., development, testing, production), and any compliance requirements you may have. This will help you create an efficient and manageable AWS organization structure.
Sources
Moving accounts to an organizational unit (OU) or between the root and OUs with AWS Organizations - AWS Organizations
Creating an organizational unit (OU) with AWS Organizations - AWS Organizations
Configuring account structure and OUs - AWS Prescriptive Guidance

answered 13 days ago
EXPERT
reviewed 12 days ago
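
The steps in the answer above as AWS CLI calls, as an added example that is not part of the original answer. The profile names (`mgmt`, `member`), the group name and the `Project=demo` tag are assumptions, and step 3 (creating or inviting accounts) is left out. The Organizations calls run with management-account credentials, while the Resource Group is created with credentials inside the member account and exists only in the Region named.

```shell
#!/bin/sh
# Added example: profile names, group name and tag values are hypothetical.
set -eu

MGMT_PROFILE="${MGMT_PROFILE:-mgmt}"        # assumed profile: management account
MEMBER_PROFILE="${MEMBER_PROFILE:-member}"  # assumed profile: inside the member account

# Steps 1-2: find the root, create an OU directly under it, print the OU ID.
create_ou() {  # usage: create_ou <ou-name>
  local root_id
  root_id=$(aws organizations list-roots --profile "$MGMT_PROFILE" \
    --query 'Roots[0].Id' --output text)
  aws organizations create-organizational-unit --profile "$MGMT_PROFILE" \
    --parent-id "$root_id" --name "$1" \
    --query 'OrganizationalUnit.Id' --output text
}

# Step 4: move an account from its current parent (root or OU) into an OU.
move_account() {  # usage: move_account <account-id> <destination-ou-id>
  local src
  src=$(aws organizations list-parents --profile "$MGMT_PROFILE" \
    --child-id "$1" --query 'Parents[0].Id' --output text)
  if [ "$src" = "$2" ]; then echo "already-in-place"; return 0; fi
  aws organizations move-account --profile "$MGMT_PROFILE" \
    --account-id "$1" --source-parent-id "$src" --destination-parent-id "$2"
  echo "moved"
}

# Step 5: create a tag-based Resource Group. There is no "link to account"
# action: the group belongs to whichever account the credentials are in.
create_group() {  # usage: create_group <name> <region> <tag-key> <tag-value>
  local inner query
  inner=$(printf '{"ResourceTypeFilters":["AWS::AllSupported"],"TagFilters":[{"Key":"%s","Values":["%s"]}]}' "$3" "$4")
  # ResourceQuery.Query is a JSON document passed as a string: escape its quotes.
  query=$(printf '{"Type":"TAG_FILTERS_1_0","Query":"%s"}' \
    "$(printf '%s' "$inner" | sed 's/"/\\"/g')")
  aws resource-groups create-group --profile "$MEMBER_PROFILE" --region "$2" \
    --name "$1" --resource-query "$query" \
    --query 'Group.GroupArn' --output text
}

# Run as: ./org-setup.sh <ou-name> <account-id> <region>
if [ "$#" -eq 3 ]; then
  ou_id=$(create_ou "$1")
  move_account "$2" "$ou_id"
  create_group "app-resources" "$3" Project demo
fi
```
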
  • Hi,

    Thanks a lot for your suggestions,

    1. Have created the OU.
    2. Invited the Member Accounts [since we are the only team in our company using this, so used the same e-mail to create member accounts, it was created successfully.]
    3. Moved Member Account into respective OU
    4. Next, Have created a Resource Group in a Specific Region but could not link with the specific Member Accounts

    Got stuck with point 5. Kindly help us, how to resolve this and any reference materials. Thanks in Advance.
