Hi, we currently have 2 AWS accounts set up as an AWS Organisation:
Our Sandbox/Development account (also signed up in AWS Partner Central)
An account for a customer workload (Business Critical Systems)
Our Sandbox account is the org owner and the customer workload account is below this.
However, we understand this is not best practice and wish to fix this by creating a new AWS account to act as the Management account, and then assigning the 2 existing accounts to OUs in this new account. However, we cannot risk the customer account / workloads at all.
I would like to understand the best way to achieve this and any potential risks with moving these accounts - especially the customer account, which currently pays its bills via the sandbox account via consolidated billing.
In addition, once this is achieved, we will likely split the Sandbox / Development account further and use this as our Partner account rather than an operational account.
I have root access to both of the current accounts.
Please advise.
Thank you