How do I move accounts between organizations in AWS Organizations?
Last updated: 2022-09-02
I want to migrate AWS Organizations member accounts from one organization to another organization. What should I consider before starting the migration process?
When planning your migration, consider the following:
- You have the permissions that you need to move both the management and member accounts in the organization.
- You backed up any reports from the member accounts that you need to keep. The member accounts can't access these reports after leaving the Organization.
- You have a valid payment method on the member account to address any charges that are incurred while the accounts are migrating.
- You have reviewed and updated the tax information for any accounts that are changing from one organization to another.
- You have changed the AWS Support plan for migrating Developer or Business accounts.
- You understand the technical process of migrating accounts.
Important: If you have a pricing agreement with AWS and want to move your management account to a different organization, contact your Account Manager.
Account access considerations
- You must have AWS root user account access or AWS Identity and Access Management (IAM) access to both the member and management accounts. For more information on adding these permissions, see Managing access permissions for your organization.
- You might need to add more information to a member account before you can move it. For example, you might need to add a new payment method to the member account, or update the contact information for the account. When you remove the account from the Organization, you are prompted to add this information. For more information, see Removing a member account from your organization.
- When you remove a member account from an organization, the member account's access to AWS services that are integrated with the organization are lost. In some cases, resources in the member account might be deleted. For example, when an account leaves the organization, any AWS CloudFormation stacks created using StackSets are removed from the management of StackSets. You can choose to either delete or retain the resources managed by the stack. For a list of AWS services that can be integrated with AWS Organizations, see AWS services that you can use with AWS Organizations.
- If you use the aws:PrincipalOrgID condition key in your resource-based policies to restrict access only to the principals from AWS accounts in your organization, then you must change these policies before moving the member account to another organization.
- To share resources with a migrating account, you must enable resource sharing with AWS Organizations before migrating the account. For more information, see Sharing your AWS resources.
- Before migrating, decide the set of features that you want for your organization. By default, AWS Organizations supports consolidated billing features. To access additional features such as service control policies (SCPs), enable all features.
- Before migrating, consider the number of accounts in your organization. If an increase is needed, see Quotas for AWS Organizations for more information.
Billing history and billing reports for all accounts stay with the management account in an organization.
Important: Before you move the account to a new organization, confirm that all Cost and Usage Reports, Detailed Billing Reports, or reports generated by Cost Explorer that you want to keep are downloaded. Your historical data and graphs aren't stored when an account is migrated.
When a member account leaves an organization, all charges incurred by the account are charged directly to the standalone account. Even if the account move takes only a minute to process, it's likely that some charges are incurred by the member account.
Be sure that you have a valid payment method on the member account to address any incurred charges. For example, if you are asked to add a credit card to the member account to cover the charges, then create an internal process to reimburse the member account for using its own payment method during the migration.
When the member account is added to the new organization, charges are billed to the new management account.
If you currently benefit from a volume discount, you might temporarily pay the normal rate for that service. This is because you changed billing entities, and your new consolidated billing family might not have reached the higher usage tier necessary to activate the volume discount. Be sure to account for this temporary change in pricing.
The account that was used to purchase the Savings Plan owns the Savings Plan. If you leave the Organization, then the Savings Plan remains on the account that purchased the Savings Plan.
For help with updating the payment method for the member account, contact AWS Support.
You might need to update the tax settings on member accounts after you move them to the new organization.
To view and edit the tax registration numbers for all member accounts in the organization, you must sign in as the management account.
Migrating Developer or Business accounts
If you are migrating a Developer or Business account with an existing AWS Support Plan and don't want to be billed for this plan, then you must change the plan. For more information, see How do I cancel my AWS Support plan?
Planning the migration process
- If you have only a few accounts to migrate, you can use the Organizations console.
- If you are migrating many accounts, you might use the AWS Organizations API or AWS Command Line Interface (AWS CLI) to move the accounts instead.
In either case, do the following for each member account:
- Remove the member account from the old organization.
- Send an invite to the member account from the new organization.
- Accept the invite to the new organization from the member account.
If you want the management account of the old organization to also join the new organization, do the following:
- Remove the member accounts from the organization using the preceding process.
- Delete the old organization.
- Repeat the preceding process to invite the old management account to the new organization as a member account.