Moving accounts to an organizational unit (OU) or between the root and OUs with Amazon Organizations - Amazon Organizations
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Moving accounts to an organizational unit (OU) or between the root and OUs with Amazon Organizations

When you sign in to your organization's management account, you can move accounts in your organization from the root to an OU, from one OU to another, or back to the root from an OU. Placing an account inside an OU makes it subject to any policies that are attached to the parent OU and any OUs in the parent chain up to the root. If an account isn't in an OU, it's subject to only the policies that are attached directly to the root and any policies that are attached directly to the account. To move accounts, complete the following steps.

Minimum permissions

To move accounts to a new location in the OU hierarchy, you must have the following permissions:

  • organizations:DescribeOrganization – required only when using the Organizations console

  • organizations:MoveAccount

Amazon Web Services Management Console
To move accounts to an OU

  1. Sign in to the Amazon Organizations console. You must sign in as an IAM user, assume an IAM role, or sign in as the root user (not recommended) in the organization’s management account.

  2. On the Amazon Web Services accounts page, find the account or accounts that you want to move. You can navigate the OU hierarchy or enable View Amazon Web Services accounts only to see a flat list of accounts without the OU structure. If you have a lot of accounts, you might have to choose Load more accounts in 'ou-name' at the bottom of the list to find all of those you want to move.

  3. Choose the check box Blue checkmark icon indicating confirmation or completion of a task. next to the name of each account that you want to move.

  4. On the Actions menu, under Amazon Web Services account, choose Move .

  5. In the Move Amazon Web Services account dialog box, navigate to and then choose the OU or root that you want to move the account to, and then choose Move Amazon Web Services account.

Amazon CLI & Amazon SDKs
To move accounts to an OU

You can use one of the following commands to move an account:

  • Amazon CLI: move-account

    The following example moves an Amazon Web Services account from the root to an OU. Note that you must specify the IDs of both the source and destination containers.

    $ aws organizations move-account \
    --account-id 111122223333 \
    --source-parent-id r-a1b2 \
    --destination-parent-id ou-a1b2-f6g7h111

    This command produces no output when successful.

  • Amazon SDKs: MoveAccount