You are correct in your understanding of the account creation process for AWS GovCloud (US) when using the Landing Zone Accelerator (LZA) on AWS. The process you described is indeed the recommended approach for creating new accounts in the LZA GovCloud environment.
AWS Control Tower Account Factory, AFC, and AFT are not available in GovCloud, necessitating this manual approach to account creation and enrollment.
[+] AWS Control Tower User Guide: https://docs.aws.amazon.com/controltower/latest/userguide/region-how.html
It is my understanding that if the account is not created by the organization, then the invite and acceptance must be done manually, because there is a role that is used to accept the invitation which is not automatically created for invited accounts. Here is a doc covering the difference between created and invited accounts: https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role
Hope this helps!