By using AWS re:Post, you agree to the Terms of Use
AWS re:Postre:Post
/account move in different OU, impact on TGW or Subnets/

account move in different OU, impact on TGW or Subnets

0

A customer has the following question:

In linked account x I have a VPC which subnets are shared with specific OUs and TGW which also shared with specific OUs. Now account x right now is in OU a and I want to move it to OU b .

My question: is there any risk of performing such move of account x from a to b OU? Reason why I am asking is because these subnets, and TGW has business critical apps running in it.

In docs I didn't find any notes that would warn about any issues, but can some please confirm if such move is a safe thing to do for the customer.

Topics
Networking & Content DeliveryManagement & Governance
Tags
Networking & Content DeliveryAWS OrganizationsAWS Transit Gateway
AWS-User-6691123
asked 2 years ago6 views
1 Answers
0
Accepted Answer

Generally low-risk, but check the below notes. I've done this in the past with 0 impact to the accounts.

The longer answer is: "it depends". Remembering the primary goal of Organizational OUs as a way to group, manage, and apply policies on that organized accounts, you'll need to make sure that you don't have any organization policies on the new OU you plan on moving the account to.

Take a look at the doc example and think about the accounts under the OU at the bottom right inheriting multiple policies that the account on the far left does not have applied. Ie: Make sure you don't have org policies that will impact the account in its new OU home.

JeremyAWS
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant questions