- Le plus récent
- Le plus de votes
- La plupart des commentaires
Hi, unfortunately there seems to be a disparity in the documentation. While the Security Reference Architecture describes the Security Tooling account under the Security OU. Control Towers functionality does not allow the provisioning of an Account into it's default created OU, which happens to be called Security, as this is the location for core accounts that Control Tower creates. The field advice I give customers on this currently, and often help them deploy, is to create a new OU for the Security Tooling account. There are also mandatory guardrails applied to that default OU, that may limit your usage, and it's best to keep accounts that you create in their own OU's to allow full flexibility in deployment and configuration.
Thanks for the explanation, Jimmy. I've passed on this feedback via the SRA page so hopefully this will be picked up.
Contenus pertinents
- demandé il y a un an
- demandé il y a un an
- demandé il y a 2 mois
- AWS OFFICIELA mis à jour il y a 3 ans
- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a 3 ans
- AWS OFFICIELA mis à jour il y a 2 ans
The Audit account that is in the Security OU corresponds to the Security Tooling account so you can use that one for services such as Security Hub, Guard Duty, etc etc..