Transitional OU - Organizing Your AWS Environment Using Multiple Accounts

Transitional OU

The Transitional OU is intended as a temporary holding area for existing accounts and workloads that you move to your organization before you formally integrate them into your more standardized areas of your AWS environment structure.

Common reasons for moving accounts into your organization

Common reasons for moving accounts into your organization include:

  • Acquisition of a company that is already using AWS and has a set of accounts

  • Existence of your own accounts that were created before you established your newer AWS environment structure

  • Movement of accounts that have previously been managed by a third party

Benefits of moving accounts into your AWS organization

By moving existing accounts into your organization, you can begin to gain some of the benefits of using AWS Organizations including:

  • Centralized visibility

  • Option to begin applying common policies

  • Consolidated billing, cost, and asset management

  • Simplified use of AWS Organizations-enabled AWS security services

  • Integration with existing federated access capabilities

Considerations for moving accounts into your organization

If you plan to move an account from an existing organization, you must first remove the account from the organization. For more information, see Removing a member account from your organization. Once an account is removed from an organization, it is referred to as a standalone account.

Moving a standalone account that does not have dependencies on other accounts is a straightforward process. In this case, there’s generally no need to migrate or modify the existing workloads in the account to be moved. For more information, see Inviting an account to join your organization.

If the standalone account to be moved has dependencies on other accounts, then you should evaluate those dependencies to determine if they should be addressed before moving the account.

In your target organization, we recommend that you review SCPs in the organization’s root to ensure that those SCPs won’t adversely impact the accounts to be moved.

If you’re moving a set of related accounts to your organization, you can create a child OU under the Transitional OU for the related set of accounts.

After moving accounts

Over time, as you better understand the direction for these accounts and the workloads contained in them, you can either move the accounts to your Workloads OU as is, invest in migrating the workloads to other accounts, or decommission either the workloads or accounts.