How do you organize previous AWS accounts and new ones generated by the reference architecture?
How do customers typically organize their previous AWS accounts and their new ones generated by the reference architecture? Would we be able to fold the new accounts into our current org structure or is it necessary to start from scratch, also at the org level, because we'd also get a new management account?
In general, we recommend creating the new AWS accounts under the existing AWS organization rather than creating a new AWS organization for the purpose of the Reference Architecture. This way, you avoid the overhead of maintaining two root accounts and bills, while still having new fresh accounts for deploying the modules. Once the new accounts are deployed and set up, we recommend migrating your workloads to the new accounts as much as possible. We typically recommend a migration approach as opposed to updating, due to the limitations of Terraform state migrations and imports. There are typically many resources that need to be managed and created by Terraform, and importing all of them into the state is a tedious and difficult process, especially when you are using abstractions like the Gruntwork Module library. Instead, it is oftentimes faster and easier to define new IaC configurations that deploy your existing workloads to the new account, and then update DNS records to point to the new deployments to retire the old ones when they are ready.

So in summary:

- Reuse your existing AWS Organization.
- But do create new AWS accounts to host the Reference Architecture.
- Migrate workloads to the Reference Architecture by defining new code and infrastructure, rather than importing existing ones.
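The approach in the answer above, sketched as an added Terraform example that is not part of the original answer and not Gruntwork's own code: the new accounts are created in a dedicated OU under the existing organization (so there is still only one management account), and a weighted Route 53 record pair moves traffic from the legacy deployment to the one in the new account. The OU and account names, contact emails, the hosted zone id and the load balancer DNS names are all assumptions.

```hcl
# Added example: new Reference Architecture accounts inside the EXISTING org,
# plus a gradual DNS cutover. All names, emails and DNS targets are assumed.

data "aws_organizations_organization" "existing" {}

# A dedicated OU keeps the new accounts separate from legacy ones, so SCPs
# can be attached to them as a group without touching older accounts.
resource "aws_organizations_organizational_unit" "ref_arch" {
  name      = "reference-architecture"
  parent_id = data.aws_organizations_organization.existing.roots[0].id
}

resource "aws_organizations_account" "ref_arch" {
  for_each = {
    logs     = "aws-logs@example.com"     # assumed contact addresses
    security = "aws-security@example.com"
    stage    = "aws-stage@example.com"
    prod     = "aws-prod@example.com"
  }
  name              = "ref-arch-${each.key}"
  email             = each.value
  parent_id         = aws_organizations_organizational_unit.ref_arch.id
  role_name         = "OrganizationAccountAccessRole"
  close_on_deletion = false
  # The Organizations API never returns role_name, so ignore it to avoid a
  # permanent diff after creation.
  lifecycle { ignore_changes = [role_name] }
}

# DNS cutover: weights shift traffic from the legacy account's deployment to
# the redeployment in the new account. Raise new_weight in steps, then remove
# the legacy record once it is at 0 and monitoring looks clean.
variable "zone_id" { type = string }          # assumed hosted zone in this account
variable "new_weight" { default = 10 }        # percent of traffic to the new account

resource "aws_route53_record" "app_legacy" {
  zone_id        = var.zone_id
  name           = "app.example.com"
  type           = "CNAME"
  ttl            = 60
  records        = ["legacy-alb-123.us-east-1.elb.amazonaws.com"] # assumed
  set_identifier = "legacy-account"
  weighted_routing_policy { weight = 100 - var.new_weight }
}

resource "aws_route53_record" "app_new" {
  zone_id        = var.zone_id
  name           = "app.example.com"
  type           = "CNAME"
  ttl            = 60
  records        = ["refarch-alb-456.us-east-1.elb.amazonaws.com"] # assumed
  set_identifier = "ref-arch-prod-account"
  weighted_routing_policy { weight = var.new_weight }
}
```

The legacy workload itself is never imported into state; it is only retired once the weight on its record reaches 0, which keeps the old account's Terraform code untouched throughout the migration.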