Move AWS account to another AWS Organization


I have an AWS Landing Zone setup with Networking, Logging, Security, and a number of Custom AWS accounts. All of the ingress/egress connectivity is going through the Networking account.

I want to set up a completely new Landing Zone (AWS Organization) and move all of the Custom AWS accounts to that Landing Zone. Will the existing network connectivity continue working (Transit Gateway attachments, routing tables, etc.) if I move an account to the new AWS Organization?


AWS Organization is just an administrative tool; no change will be made on your existing accounts when you choose to join a newly created organization. So network connectivity will continue working.


Connections on the data plane should keep working. However, be prepared for larger interruptions on the control-plane side of things. Many IAM policies leverage sts:assumeRole conditions that have hardcoded organization id or network account id wildcards. The same can apply to policies for AWS service-linked roles, e.g. https://docs.aws.amazon.com/vpc/latest/tgw/service-linked-roles.html

An alternative to setting up a landing zone in a new organization (which also means a new master account to manage and secure) is to set up a new OU in your existing organization.
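As an added example (not code from either answer), a small Python scan for the control-plane dependency the second answer describes: organization-scoped condition keys such as aws:PrincipalOrgID stop matching once an account leaves the organization, while hardcoded 12-digit account ids keep resolving after the move. The trust policy below is constructed sample input; the organization id and account ids in it are placeholders.

```python
"""Scan an IAM policy document for conditions that break when an account moves
between AWS Organizations (the org id changes; account ids do not)."""
import json
import re

# Condition keys whose values name the *current* organization or its OU paths;
# a statement using them must be rewritten after the account changes organization.
ORG_SCOPED_KEYS = {
    "aws:principalorgid", "aws:principalorgpaths",
    "aws:resourceorgid", "aws:resourceorgpaths",
    "aws:sourceorgid", "aws:sourceorgpaths",
}
ACCOUNT_ID_RE = re.compile(r"\b(\d{12})\b")  # 12-digit account ids inside ARNs/values


def _as_list(value):
    """IAM allows a scalar or a list in most positions; normalize to a list."""
    return value if isinstance(value, list) else [value]


def find_org_dependencies(policy_doc):
    """Return (org_conditions, account_ids) for an IAM policy document (a dict).

    org_conditions: list of (sid, "Operator:Key", values) tied to the old org.
    account_ids:    sorted hardcoded account ids; still valid after the move,
                    but worth reviewing since cross-account trust is now cross-org.
    """
    org_conditions, account_ids = [], set()
    for idx, stmt in enumerate(_as_list(policy_doc.get("Statement", []))):
        sid = stmt.get("Sid", f"Statement[{idx}]")
        for operator, conds in stmt.get("Condition", {}).items():
            for key, vals in conds.items():
                if key.lower() in ORG_SCOPED_KEYS:  # condition keys are case-insensitive
                    org_conditions.append((sid, f"{operator}:{key}", _as_list(vals)))
        # Account ids may sit in Principal ARNs, Resource ARNs or condition values.
        account_ids.update(ACCOUNT_ID_RE.findall(json.dumps(stmt)))
    return org_conditions, sorted(account_ids)


# Constructed sample: a role trust policy of the kind used for shared networking.
SAMPLE_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowOrgMembers", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "sts:AssumeRole",
         "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-EXAMPLEOLDORG"}}},
        {"Sid": "AllowNetworkAccount", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
         "Action": "sts:AssumeRole"},
    ],
}

if __name__ == "__main__":
    found, accounts = find_org_dependencies(SAMPLE_TRUST_POLICY)
    for sid, key, vals in found:
        print(f"{sid}: {key} = {vals} -> breaks after moving organizations")
    print("hardcoded account ids (still valid after the move):", accounts)
```

Run it against each role's trust policy and resource policy (for example the JSON returned by `aws iam get-role`) before the migration to list what must be rewritten for the new organization id.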