We currently have a single AWS account on commercial cloud (Account A) which contains all IAM users, policies, workloads, etc. for our integration tier. This account is tied to a separate account on GovCloud (Account B), which contains all IAM users, workloads, etc. for our production tier. Account A has also purchased many reserved instances that we do not want to lose.
Given this scenario, what is the recommended way to migrate to AWS Organizations in both commercial cloud and GovCloud, while keeping our reserved instances?
We were thinking of doing the following, but aren't sure if there are any gotchas to be aware of:
Part 1: Migrate the commercial cloud account
- Create a brand new AWS account that will only be used for management.
- In the new account, stand up AWS Organizations.
- Invite Account A into the organization, and place them under a Workloads OU.
Part 2: Migrate the GovCloud account
- From Account A, create a new GovCloud Account, which will only be used for management.
- In the new GovCloud account, stand up AWS Organizations.
- Invite Account B into the organization, and place them under a Workloads OU.
Thank you for the information! I just have one follow-up question that’s a bit of a brain teaser. Once the RIs are expired and we purchase them in the management account, will they still be applicable to the GovCloud accounts linked to Account A?
So I don’t have any gov experience and only know commercial. I’m not too clear how you mean the accounts are tied together.
However rereading your message it may not be accurate however I have read this and still trying f to understand it’s not entirely clear.
https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/govcloud-organizations.html
Have you read this?
Thanks for the link, the information on that page combined with documentation provided at https://docs.aws.amazon.com/govcloud-us/latest/UserGuide/getting-started-standard-account-linking.html and https://aws.amazon.com/blogs/security/aws-organizations-available-govcloud-regions-central-governance-management-accounts/ indicate that billing for GovCloud will flow through to the mapped commercial accounts. If the mapped commercial accounts are under a single organization with consolidated billing enabled, then it seems safe to assume that RIs owned by the management account would be applicable for charges incurred on GovCloud.