Control Tower Automation

Question

We start using Control Tower via console and it automatically sets security account and sandbox account. And Im using AFT for additional account requests. 
Is there any way I can automate the setup of control tower itself like setting security account and sandbox account

Accepted Answer

Hi, unfortunately there is no API call or automation that can do the initial setup of Control Tower and it's Landing Zone at this time. We hope to add that functionality in the future. You can automate Control Tower control configuration using Terraform against the Organization Management Account (Where Control Tower resides) https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/controltower_control

To configure resources in the Log-Archive or Audit accounts, you can add them to AFT using the same process you would to provision a new account. Create a new account request but use the existing account details (Account Name, Account email address and Organizational Unit)

Answer

Checkout [this](https://aws.amazon.com/blogs/mt/aws-service-catalog-account-factory-enhanced/) blog.
You may also want to take a look at the [Landing Zone Accelerator](https://aws.amazon.com/solutions/implementations/landing-zone-accelerator-on-aws/) if your organization has complex compliance requirement.

Let me know if you have any other questions or if you run into issues walking through the blog.

Control Tower Automation

Contenuto pertinente