AWS Organisation Structure

We try to follow Amazon recommended OUs and use AWS Control Tower to manage them.

However, for Security (OU), it was created by AWS Control Tower (CT) and AWS CT does not allow enrolling new OUs or accounts under this CT-managed OU. Therefore, we have to create another Security OU by prefixing OU to Security) to put the rest of the recommended accounts there.