awslabs / landing-zone-accelerator-on-aws

Deploy a multi-account cloud foundation to support highly-regulated workloads and complex compliance requirements.
https://aws.amazon.com/solutions/implementations/landing-zone-accelerator-on-aws/
Apache License 2.0
555 stars 440 forks

General Question: move account out of LZA organization #395

Closed snemir2 closed 9 months ago

snemir2 commented 9 months ago

I am trying to figure out all the steps and considerations for taking the existing account out of the LZA organization (tower).

  1. The customer will take over billing/root for the account (i.e. OWN the account)
  2. All of the shared networking (tgw) and sso should continue to function as is. In so many words, just the ownership of the account changes; all configs should continue to function as is past this change.

Can you possibly point to any considerations/how-to's/or general thoughts about doing this?

bhkhatri221 commented 9 months ago

Hello @snemir2, thank you for filing an issue with the Landing Zone Accelerator team!

Here is the information regarding "How do I move an account from an existing AWS Organization to another AWS Organization?". LZA leverages AWS Organizations to share networking resources like AWS Transit Gateway, and enable security services like Amazon GuardDuty, AWS Security Hub, etc. It will disrupt the LZA pipelines if the account is not available in the organization. As of now, this feature is not currently available to support deployment of resources for an account in a different organization.

I hope this was helpful! I will be closing this issue, but please feel free to follow-up or open new issues as you have additional questions. Thank you for your interest in Landing Zone Accelerator!

snemir2 commented 9 months ago

Thanks!