account move in different OU, impact on TGW or Subnets
A customer has the following question:
In linked account x I have a VPC which subnets are shared with specific OUs and TGW which also shared with specific OUs. Now account x right now is in OU a and I want to move it to OU b .
My question: is there any risk of performing such move of account x from a to b OU?
Reason why I am asking is because these subnets, and TGW has business critical apps running in it.
In docs I didn't find any notes that would warn about any issues, but can some please confirm if such move is a safe thing to do for the customer.
- Newest
- Most votes
- Most comments
Generally low-risk, but check the below notes. I've done this in the past with 0 impact to the accounts.
The longer answer is: "it depends". Remembering the primary goal of Organizational OUs as a way to group, manage, and apply policies on that organized accounts, you'll need to make sure that you don't have any organization policies on the new OU you plan on moving the account to.
Take a look at the doc example and think about the accounts under the OU at the bottom right inheriting multiple policies that the account on the far left does not have applied. Ie: Make sure you don't have org policies that will impact the account in its new OU home.
Relevant content
- Accepted Answerasked 9 months ago
- Accepted Answerasked 2 years ago
AWS OFFICIALUpdated 3 years ago- AWS OFFICIALUpdated 7 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
