DLT customers who have a use case for AWS Organizations now have the ability to request this functionality using a DLT/AWS-developed process. Customers can initiate the on-boarding process for AWS Organizations by sending a request to email@example.com. Once we have corresponded with you, we will guide you through the following steps to set up AWS Organizations:
As part of this process, we will send you a list of all account numbers which we are aware of for you to confirm. Once the list is confirmed, you will identify which account numbers will be moving to the new payer, along with the funding source(s) for the accounts. In summary, this is what you would need to provide DLT:
- A use case for Organizations outlining why Organizations is needed and what features will be used, such as Service Control Policies or Control Tower
- A list of account numbers which will be moving to the new payer
- Existing account funding source(s) for validation purposes
We then need to seek approval from AWS for the new payer account. This takes time, after which you will need to provide a payment order for the Organizations creation. Because customers will have access to run resources in the new payer account, DLT will need an associated funding source. This can either be an existing purchase order or a dedicated one can be issued. Essentially, the purchase order is the vehicle that links your organization to DLT in order to pay AWS for any services used by AWS Organizations in the payer account.
- A purchase order or credit/purchase card – the default payment source at the time of Organization creation
If an account is attached to an existing Organization (such as the standard DLT Organization) it will need to be unlinked before joining the new customer Organization. Because AWS requires a form of payment associated with accounts before unlinking, there is an AWS process used to verify ownership of the account when updating this information. This process is on a per-account basis, and requires you to have the following pieces of material ready:
- Root account login for every account
- A phone number that is easily accessible to your organization, which will replace the existing phone number for the account
- Your contact phone number for a potential billing support call
To perform phone verification, a support case needs to be opened with AWS Support and have them verify the account with Customer on the phone. Please change the phone number in Contact Information to a local number directly to the Customer.
**Note** When creating the case, select Account and Other Account Issues.
Enter Your Phone Number-> Submit.
Payer Account Credentials
At this point, the Payer Account (i.e. Organization) is created. The Payer Account, however, does not have any children account under its payment umbrella. The DLT Operations Center will provide a set of Org Administrator IAM permissions to the appropriate contact(s) provided by the customer that have full Admin access to the Payer Account with minor exceptions to Billing and some DLT-specific permissions. Please provide:
- Organization Admin contact information including name, email, and phone number.
Start using Organizations
Now you can use Organizations! If you have existing accounts outside of DLT to transfer into the new Organization, you can follow the same process to unlink and relink Accounts, see How to Transfer Your Account Using Organizations . For creating new accounts, follow the process outlined in the Article: How To Create A New Account Using Organizations. Don't forget to notify firstname.lastname@example.org with any funding information around you new account(s).
Note: for Customers using AWS Control Tower, due to current AWS functionality an Organization must be deleted prior to deploying Control Tower and existing accounts cannot be managed or merged into a Control Tower deployment at this time. Please reach out to email@example.com with any Control Tower questions.