You are correct in your understanding of the account creation process for AWS GovCloud (US) when using the Landing Zone Accelerator (LZA) on AWS. The process you described is indeed the recommended approach for creating new accounts in the LZA GovCloud environment.
AWS Control Tower Account Factory, AFC, and AFT are not available in GovCloud, necessitating this manual approach to account creation and enrollment.
[+] AWS Control Tower User Guide: https://docs.aws.amazon.com/controltower/latest/userguide/region-how.html
It is my understanding that if the account is not created by the organization then the invite and acceptance must be done manually because there is a role that is used to accept the invitation which is not automatically created for invited accounts. Here is a doc covering the difference between created and invited accounts --> https://docs.aws.amazon.com/organizations/latest/userguide/orgs_manage_accounts_access.html#orgs_manage_accounts_create-cross-account-role
Hope this helps!
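As an added illustration (not part of either answer above), the manual step for an invited account: check for the cross-account role that AWS Organizations would have created automatically in an organization-created account, and create it scoped to the management account if it is missing. The role name `OrganizationAccountAccessRole` and the `AdministratorAccess` policy follow the AWS convention the linked doc describes; the `aws-us-gov` partition default, the in-memory `FakeIam` client and the sample account ID are assumptions so the script runs offline (pass `boto3.client("iam")` with credentials for the invited account instead).

```python
import json

# Default name AWS Organizations gives the cross-account role in accounts it
# creates; invited accounts do not receive it (AWS convention, assumed here).
ROLE_NAME = "OrganizationAccountAccessRole"


def trust_policy(management_account_id: str, partition: str = "aws-us-gov") -> dict:
    """Trust policy that lets only the organization's management account assume the role.
    GovCloud ARNs use the aws-us-gov partition, not aws."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:{partition}:iam::{management_account_id}:root"},
            "Action": "sts:AssumeRole",
        }],
    }


def role_exists(iam, role_name: str = ROLE_NAME) -> bool:
    try:
        iam.get_role(RoleName=role_name)
        return True
    except iam.exceptions.NoSuchEntityException:
        return False


def ensure_cross_account_role(iam, management_account_id: str,
                              partition: str = "aws-us-gov", role_name: str = ROLE_NAME) -> bool:
    """Create the role in an invited member account if absent. Returns True if created."""
    if role_exists(iam, role_name):
        return False  # nothing to do: role already present (e.g. organization-created account)
    iam.create_role(RoleName=role_name,
                    AssumeRolePolicyDocument=json.dumps(trust_policy(management_account_id, partition)))
    iam.attach_role_policy(RoleName=role_name,
                           PolicyArn=f"arn:{partition}:iam::aws:policy/AdministratorAccess")
    return True


class FakeIam:
    """Constructed in-memory stand-in for the boto3 IAM client (offline demo only)."""
    class exceptions:
        class NoSuchEntityException(Exception):
            pass

    def __init__(self):
        self.roles, self.attached = {}, {}

    def get_role(self, RoleName):
        if RoleName not in self.roles:
            raise self.exceptions.NoSuchEntityException(RoleName)
        return {"Role": self.roles[RoleName]}

    def create_role(self, RoleName, AssumeRolePolicyDocument):
        self.roles[RoleName] = {"RoleName": RoleName,
                                "AssumeRolePolicyDocument": json.loads(AssumeRolePolicyDocument)}

    def attach_role_policy(self, RoleName, PolicyArn):
        self.attached.setdefault(RoleName, []).append(PolicyArn)
```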