- Newest
- Most votes
- Most comments
I believe Control Tower is required to set up AFT and the linkage to AWS Organizations. Step 1 in the AFT setup instructions, https://registry.terraform.io/modules/aws-ia/control_tower_account_factory/aws/latest, is Control Tower setup.
AFT is a solution built specifically for use with AWS Control Tower (CT). As you can see in the docs here https://docs.aws.amazon.com/controltower/latest/userguide/aft-getting-started.html there is a distinct requirement for there to be a AWS Control Tower Landing Zone. That said the functionality being built into AWS Control Tower along with the integration capabilities still make it the best option for longer term reduction of operating burden for your environment. There is an easy path to govern an existing org with AWS CT https://docs.aws.amazon.com/controltower/latest/userguide/about-extending-governance.html. If you do deploy CT into an existing organization you still need to manually register OU's and Accounts as they are not automatically enrolled. There are customers that deploy AWS CT in an almost parallel fashion and then slowly ingest OU's and Accounts... or they just use it for new OU's and Accounts.
Relevant content
- Accepted Answerasked 3 months ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago