An opinionated, critical look at the state of security of vendor cloud integrations, along with recommendations for documenting and adhering to cloud security best practices for both vendors and customers.
This post explores the potential implications of moving an AWS account or Organizational Unit (OU) to another OU within the same Organization, including impacts on SCP inheritance, CloudFormation StackSet deployments, IAM policy conditions, RAM shares, and Control Tower enrollments.
As cloud infrastructure usage continues to grow, it has become common (and recommended) practice to organize the accounts that contain that infrastructure by team, project, region, environment, and other categories. This has led to a rapid expansion in the number of cloud accounts that many companies, and even individuals, are managing. Some companies have hundreds of accounts, and it’s not uncommon to have thousands.