Pre-existing Organization on vanilla setup (The AWS account is already a member of an organization.)

[dukarc]

Hi Folks

We are just getting started creating our base setup here. Alas we are stuck on Deploy Accounts

atmos workflow deploy/organization -f accounts

Error:
│ Error: creating Organizations Organization: operation error Organizations: CreateOrganization, https response error StatusCode: 400, RequestID: c19fa06d-bfd3-4098-8a05-3e5a3ca707ac, AlreadyInOrganizationException: The AWS account is already a member of an organization.
│ 
│   with aws_organizations_organization.this[0],
│   on main.tf line 107, in resource "aws_organizations_organization" "this":
│  107: resource "aws_organizations_organization" "this" {

We are certain the error is we already have a management account set up in an organization. The challenge is we already set up SSO sync with google as our IDP. We would love to be able to use the existing organization as our root organization? Is there any easy way to update terraform configs to do this? .. or are we stuck having to remove the mgmt account from the org and maybe starting over with SSO?

[milldr]

You can use an existing organization, but the designated root account must be the management account of the org. Plus, existing accounts other than that root account will not be included with Terraform automatically.

To do so, you will need to import the existing organization into Terraform. Please see Import the organization into Terraform using the account component

ie

atmos terraform import account --stack core-gbl-root 'aws_organizations_organization.this[0]' 'o-7qcakq6zxw'

Please be extra cautious when applying accounts Terraform. Double check plans first and make sure you're not deleting your accounts or organizations.

[dukarc]

Thank you @milldr

FYI for other folks we didn't go this route .. we ended up removing our mgmt account from the org and deleting the manual org we created to fix this for us.