AWS Organization and Organizational Units Configuration
Question
You have maintained an AWS Organization and the Organization has below OUs (Organizational Units) configured:
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answer - C.
For OUs, there are limited operations that users can do.
Please check.
https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_ous.html.One thing to note is that the user cannot move an OU to another place from the console or CLI command.
So the user has to create a new OU and move accounts to it.
Option A is incorrect: because the user cannot drag and drop an OU to another place.
Option B is incorrect because it is unnecessary to move accounts out of the Organization.
Otherwise, you have to re-invite these accounts.
Option C is CORRECT because users can move accounts from an OU to another.
After that, empty OU can be deleted.
Option D is incorrect because there is no such CLI command to move an Organizational Unit.
The question describes a scenario where an AWS Organization has several Organizational Units (OUs) including Dev_Department and QA_Department. The task is to reorganize the structure of the OUs so that QA_Department becomes a child of Dev_Department and accounts 3 and 4 are moved to QA_Department.
Option A: In the tree view of AWS Organization console, drag and drop QA_Department and its members to be a child of Dev_Department. This option is the simplest and easiest to implement. In the AWS Organization console, the user can simply click and drag the QA_Department and its member accounts to be a child of the Dev_Department. This option does not require any account moves or CLI commands.
Option B: Move accounts 3 and 4 out of the AWS Organization, move QA_Department to be a child of Dev_Department. Add accounts 3 and 4 back to QA_Department. This option requires a bit more work. The user would first move accounts 3 and 4 out of the AWS Organization, then move QA_Department to be a child of Dev_Department. Finally, accounts 3 and 4 would be added back to QA_Department. This option may cause some disruption to the accounts that are moved out and added back in.
Option C: Create a new OU under Dev_Department named QualityAssurance_Department. Move accounts 3 & 4 to the new OU. Delete the original empty OU QA_Department. This option is also straightforward. The user would create a new OU named QualityAssurance_Department under Dev_Department, move accounts 3 and 4 to the new OU, and then delete the original QA_Department. This option would not cause any disruption to the accounts being moved.
Option D: Move accounts 3 and 4 under the Root of the AWS Organization. Use CLI move-organizational-unit to move QA_Department to be a child of Dev_Department. Then add accounts 3 and 4 to QA_Department. This option requires the use of the AWS CLI. The user would move accounts 3 and 4 to the Root of the AWS Organization, use the move-organizational-unit command to move QA_Department to be a child of Dev_Department, and then add accounts 3 and 4 back to QA_Department. This option may be more complex and time-consuming than the other options.
In conclusion, the best option for reorganizing the OUs in this scenario would be Option A: In the tree view of AWS Organization console, drag and drop QA_Department and its members to be a child of Dev_Department. It is the simplest and easiest to implement, and it does not require any account moves or CLI commands.
