AWS Control Tower - docs.aws.amazon.com

AWS Control Tower: User Guide

Copyright © 2024 Amazon Web Services, Inc. and/or its affiliates. All rights reserved.

Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by Amazon.

Table of Contents

What Is AWS Control Tower?  1
  Features  1
  How AWS Control Tower interacts with other AWS services  2
  Are You a First-Time User of AWS Control Tower?  3
  How It Works  3
    Structure of an AWS Control Tower Landing Zone  3
    What happens when you set up a landing zone  4
    What are the shared accounts?  5
    How controls work  6
    How AWS Control Tower works with StackSets  7
Terminology  8
Pricing  11
Setting up  12
  Sign up for AWS  12
    Sign up for an AWS account  12
    Create an administrative user  13
  Next step  14
Getting started  15
  Quick start guide  15
  Pre-launch checks  17
    Considerations for AWS IAM Identity Center (IAM Identity Center) customers  17
  Getting started from the console  19
    Step 1: Create your shared account email addresses  19
    Expectations for landing zone configuration  21
    Step 2. Configure and launch your landing zone  22
    Step 3. Review and set up the landing zone  30
  Getting started using APIs  30
    Expectations for landing zone configuration with APIs  31
    Step 1: Configure your landing zone  32
    Step 2: Launch your landing zone  35
    Identify your landing zone  39
    Update your landing zone  39
    Reset the landing zone to resolve drift  41
    Decommission your landing zone  42
    Examples: Set up an AWS Control Tower landing zone with APIs only  43
    Launching a landing zone using AWS CloudFormation  50
  Next steps  56
Limitations and quotas  58
  Limitations in AWS Control Tower  58
  Control limitations  60
  Regions and stack set limitations  64
Best practices for administrators  65
  Explaining access to users  65
  Explaining resource access  65
  Explaining preventive controls  66
  Plan your landing zone  67
    Compare functionality  68
    Launch AWS Control Tower in an Existing Organization  69
    Launch AWS Control Tower in a New Organization  70
  Best practices: Set up an AWS multi-account landing zone  70
    Align with AWS multi-account guidance  71
    Guidelines to set up a well-architected environment  72
    Example of AWS Control Tower with a complete multi-account OU structure  75
    About the Root  76
  Administrative tips for landing zone setup  76
  Recommendations for setting up groups, roles, and policies  77
  Guidance for creating and modifying AWS Control Tower resources  78
  When to sign in as a root user  80
  AWS Organizations guidance  81
  IAM Identity Center guidance  82
  Account Factory guidance  84
  Guidance on subscribing to SNS Topics  84
  Guidance for KMS keys  85
Configuration update management  86
  About Updates  88
  Update Your Landing Zone  89
    Manual updates  89
  Resolve drift with Repair and Re-register  90
  Provision and update accounts using automation  90
Automate tasks  92
  AWS CloudShell and the AWS CLI  94
    Obtaining IAM permissions for AWS CloudShell  94
    Interacting with AWS Control Tower using AWS CloudShell  95
  AWS CloudFormation resources  98
    AWS Control Tower and AWS CloudFormation templates  98
    Learn more about AWS CloudFormation  99
Customize your landing zone  100
  Customize from the AWS Control Tower console  100
  Automate customizations outside the AWS Control Tower console  102
  Benefits of Customizations for AWS Control Tower (CfCT)  102
  Additional CfCT examples  103
  Customizations for AWS Control Tower (CfCT) overview  103
    Architecture  104
    Cost  106
  Component services  107
    AWS CodeCommit  107
    AWS CodePipeline  107
    AWS Key Management Service  107
    AWS Lambda  107
    Amazon Simple Notification Service  108
    Amazon Simple Storage Service  108
    Amazon Simple Queue Service  108
    AWS Step Functions  108
    AWS Systems Manager Parameter Store  109
  Deployment considerations  109
    Prepare for deployment  109
    To update Customizations for AWS Control Tower  111
  Template and source code  111
    Source code  111
  Deploy CfCT  112
    Prerequisites  112
    Deployment steps  112
      Step 1. Launch the stack  112
