1 réponse
- Le plus récent
- Le plus de votes
- La plupart des commentaires
1
Hi, currently Control Tower does not allow the creation of custom controls directly in Control Tower itself.
However you can create your own configurations that are similar via Terraform and AFT
- Preventative controls are Service Control Policies. Using Terraform you can create your own custom ones and apply them to the Organization by deploying them against the Organization Management account (where Control Tower resides). https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/organizations_policy
- Detective controls are AWS Config rules. You can create and apply rules to Accounts via AFT using aft-global-customizations or aft-account-customizations. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/config_config_rule.
The drawback is these custom resources will not be reported in the Control Tower console.
répondu il y a 7 mois
Contenus pertinents
- demandé il y a un an
- demandé il y a 2 mois
- demandé il y a un an
- Réponse acceptéedemandé il y a un an
- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a 3 ans
- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a 4 ans
Hello ,can we implement new OU with AFT