Amazon Web Services (AWS), Importing Legacy Accounts into the Standard Organization
AWS accounts that were created prior to the adoption of AWS Organizations in mid-2022 (also known as legacy accounts) will be imported into the current organization structure. Some changes in the organization structure may affect resources in your account. This article provides an overview of the changes you can expect to see in your account.
Logging Naming Conventions for S3 Buckets
There are predefined S3 buckets for logging functionality. You may use these buckets for your own logging purposes such as logging for an application load balancer, VPC flow logs, or CloudFront and edge function logs. These logging buckets have the following names based on the region where they are located:
- uiuc-logs-<account number>-us-east-1
- uiuc-logs-<account number>-us-east-2
- uiuc-logs-<account number>-us-west-1
- uiuc-logs-<account number>-us-west-2
Since S3 bucket names must be unique, you will not be able to create an S3 bucket with the same name.
Public S3 Bucket Limitations
S3 buckets will not be allowed to be defined as publicly readable. Any existing public S3 bucket or public ACL will be allowed to remain public when the account is imported into the organization structure. In the near future, public S3 buckets and ACLs will be reviewed for appropriate use. Contact firstname.lastname@example.org for more information.
Restricting the use of Unencrypted EBS volumes
EBS volumes will be created with encryption by default. You can continue to use existing unencrypted EBS volumes, but it is highly recommended to remake the EBS volumes with encryption enabled.
Restricting the use of Unencrypted EFS volumes
EFS volumes will be created with encryption by default. You can continue to use existing unencrypted EFS volumes, but it is highly recommended to remake the EFS volumes with encryption enabled.
Additional Changes to Resources
- AWS Regions are limited to US regions (us-east-1, us-east-2, us-west-1, us-west-2).
- Access to the root user account is not permitted. The root user password and MFA will be managed by the Cloud Enablement team.
- The AWS CloudTrail service can't be disabled.
- Accounts are created with a default monthly spend limit of $500 and an email alert threshold of 80%. You are allowed to modify the monthly spend limit and the email alert threshold.
- Standard Roles of Admins, PowerUsers, BusinessOffice, and ReadOnly will be added to the account. Account owners may use https://authman.illinois.edu to add or remove users from a Role.
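A pre-import check for the changes listed above, as an added example that is not part of the original article or the Cloud Enablement team's tooling: it reads the JSON printed by `aws ec2 describe-volumes` and `aws efs describe-file-systems` for one region and reports unencrypted EBS and EFS resources, a region outside the allowed four, and planned bucket names that collide with the predefined logging buckets. The function names, the account number 111122223333 and the sample resource IDs are constructed for illustration.

```python
import json

# Regions the article says remain available after import.
ALLOWED_REGIONS = ("us-east-1", "us-east-2", "us-west-1", "us-west-2")


def reserved_log_buckets(account_id):
    """Logging bucket names from the article, one per allowed region."""
    return {f"uiuc-logs-{account_id}-{r}" for r in ALLOWED_REGIONS}


def audit(account_id, region, volumes_json, filesystems_json, planned_buckets=()):
    """Return sorted (resource, finding) pairs for one region of one account.

    volumes_json and filesystems_json are the JSON text printed by
    `aws ec2 describe-volumes` and `aws efs describe-file-systems`.
    """
    findings = []
    if region not in ALLOWED_REGIONS:
        findings.append((region, "region outside the US regions allowed after import"))
    # A missing "Encrypted" field is treated as unencrypted so it gets reviewed.
    for vol in json.loads(volumes_json).get("Volumes", []):
        if not vol.get("Encrypted", False):
            findings.append((vol["VolumeId"], "unencrypted EBS volume; recreate with encryption"))
    for fs in json.loads(filesystems_json).get("FileSystems", []):
        if not fs.get("Encrypted", False):
            findings.append((fs["FileSystemId"], "unencrypted EFS file system; recreate with encryption"))
    reserved = reserved_log_buckets(account_id)
    for name in planned_buckets:
        if name in reserved:
            findings.append((name, "name is reserved for the predefined logging bucket"))
    return sorted(findings)


# Constructed sample input shaped like the AWS CLI output (not real resources).
SAMPLE_VOLUMES = json.dumps({"Volumes": [
    {"VolumeId": "vol-0aaa0000000000001", "Encrypted": False, "State": "in-use"},
    {"VolumeId": "vol-0aaa0000000000002", "Encrypted": True, "State": "in-use"},
]})
SAMPLE_FILESYSTEMS = json.dumps({"FileSystems": [
    {"FileSystemId": "fs-0bbb0001", "Encrypted": False},
]})
SAMPLE_BUCKETS = ["uiuc-logs-111122223333-us-west-2", "my-app-logs"]

if __name__ == "__main__":
    for resource, finding in audit("111122223333", "us-east-2", SAMPLE_VOLUMES,
                                   SAMPLE_FILESYSTEMS, SAMPLE_BUCKETS):
        print(f"{resource}: {finding}")
```

Run it once per region, feeding it the saved CLI output for that region.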
Questions can be directed to email@example.com.