Strategic Consolidation of Multiple Landing zones and Networks into a Unified Architecture
What is the optimal strategy for consolidating multiple master accounts, each with a unique landing zone and associated VPCs linked to separate Transit Gateways, into a unified landing zone where all VPCs are connected to a single Transit Gateway?
- 최신
- 최다 투표
- 가장 많은 댓글
Currently its not possible to have multiple control tower accounts under one org, there can be only one of in the management account. I would take below steps:
- So if you are looking for unifying all accounts under one management, you can either create a new Control tower account or promote one of the existing account.
- enroll your existing accounts - https://docs.aws.amazon.com/controltower/latest/userguide/enroll-account.html
- decommission unused management account - https://docs.aws.amazon.com/controltower/latest/userguide/how-to-decommission.html
Next part of unifying Networking - This will be little tricky if you have production workload running. see this - https://docs.aws.amazon.com/vpc/latest/tgw/tgw-best-design-practices.html Also have a look at AWS IPAM for managing your VPC and IPs- https://aws.amazon.com/blogs/mt/using-amazon-ipam-to-enhance-aws-control-tower-governance-for-networking-resources/
Thanks
