Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

LZA and Control Tower

0

Why is it recommended to use AWS Control Tower for LZA, What extra benefits do you get from it? Thank you in advance for your help an guidance.

Themen
Sicherheit, Identität & KonformitätManagement & Unternehmensführung
Tags
Sicherheit, Identität & KonformitätAWS KontrollturmAWS OrganisationenAWS Kontoverwaltung
Sprache
English
seyed
gefragt vor einem Jahr1121 Aufrufe
2 Antworten
0
Akzeptierte Antwort

hi,

AWS Control Tower offers you the capability to build and manage a multi account environment. It's a collection of

  1. Landing Zone
  2. Guardrails
  3. Account Factory for automating account provisioning

You have a dashboard to monitor and control your LZ's and accounts. It provides blueprints with the best practices which we can pick for our landing zone and that significantly reduces the time on LZ creation. The difference lies with the prebuilt templates, guardrails and is designed to provide an easy, self-service setup experience and an interactive user interface.

Please refer this on why AWS Control Tower here: https://d1.awsstatic.com/events/aws-reinforce-2022/GRC374_Automate-governance-of-environments-with-AWS-Control-Tower.pdf

Thanks Arun

AWS
Arun
beantwortet vor einem Jahr
profile picture
EXPERTE
Giovanni Lauria
überprüft vor 2 Monaten
  • seyed
    vor einem Jahr

    Thank you Arun

0

In order to deploy LZA (Landing Zone Accelerator) you must have wither AWS Control Tower or AWS Organizations enabled. You can see the pre-requisite here.

In terms of he benefits using LZA will have more features then using Control Tower alone and that is why it is recommended to deploy on top of Control Tower. LZA provides a comprehensive no-code solution across 35+ AWS services and gives you the automation to deploy SCP policies, complex network setup's with TGW and VPC creation, security controls with GuardDuty and SecurityHub and even add your own customized Cloudformation scripts on top of LZA natively. You can view the architecture diagram of what gets deployed here.

if your organization has fewer accounts and less complexities it is recommended that you start with AWS Control Tower so it will be easier to manage and lower cost. If you require an enterprise level governance for your organization then would make sense to deploy LZA on top of it.

AWS
debbie
beantwortet vor einem Jahr
  • seyed
    vor einem Jahr

    Hi there AWS-User-9543277, had a follow up question to your answer hope you can help. You mentioned "add your own customized Cloudformation scripts on top of LZA natively", could you elaborate and explain if these customised CF scripts can be within LZA solution as supplied by AWS or should theybe outside the LZA solution. Thank you for your help in advance.

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt