When to update AWS Control Tower OUs and accounts

When you perform a landing zone update, you must update your enrolled accounts to apply new controls to those accounts.

You can perform an update to all accounts under an OU using the Re-Register or Reset option.
If you have more than one registered OU in your landing zone, re-register or reset all of your OUs to update all of your accounts.
To update a single account, you can update from the AWS Control Tower console, or you can select the Update provisioned product option in AWS Service Catalog if AWSControlTowerBaseline is enabled on the account. See Update the account in the console.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Update organizations

Update multiple accounts in one OU