Building a Landing Zone with Control Tower and CfCT
AWS Control Tower gives users a jumpstart in establishing their Landing Zone foundations, in contrast to building everything from scratch. Starting from a basic OU structure to host the security and workload accounts, it offers an account factory – an abstraction on top of Service Catalog that is used to create new accounts and provision resources in them. From a logging and security standpoint, it automatically rolls out organizational trails with AWS CloudTrail and also aggregates the compliance status by leveraging AWS Config’s features. At its core, it orchestrates account-related activities across several other AWS services to realize the benefits of a multi-account structure. Furthermore, it defines a security and compliance baseline that is composed of AWS Config rules, IAM policies, and SCPs. These sane defaults block actions such as making an S3 bucket public, disabling CloudTrail logs, or switching off Config...
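As an added example (not code from the original page or from AWS Control Tower itself), the following Python audits an SCP document for Deny coverage of the three kinds of action the paragraph names. The sample SCP, its Sids, and the mapping from each goal to IAM actions are constructed assumptions for illustration.

```python
import fnmatch

# Assumption: one reasonable mapping from the goals named above to IAM actions.
REQUIRED_DENIES = {
    "disable CloudTrail": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail"],
    "switch off Config": ["config:StopConfigurationRecorder",
                          "config:DeleteConfigurationRecorder"],
    "make S3 public": ["s3:PutAccountPublicAccessBlock"],
}

# Constructed sample SCP (hypothetical Sids), deliberately incomplete.
SAMPLE_SCP = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ProtectTrail", "Effect": "Deny", "Resource": "*",
         "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail"]},
        {"Sid": "ProtectConfig", "Effect": "Deny", "Resource": "*",
         "Action": "config:Stop*"},
    ],
}

def _as_list(value):
    # SCP fields may be a single string or a list of strings.
    return value if isinstance(value, list) else [value]

def denied_by(scp, action):
    """Return the Sids of Deny statements on Resource "*" that match action.
    Condition blocks are not evaluated, so a conditional Deny counts as coverage."""
    hits = []
    for stmt in _as_list(scp.get("Statement", [])):
        if stmt.get("Effect") != "Deny" or "*" not in _as_list(stmt.get("Resource", [])):
            continue
        # IAM action names are case-insensitive and allow * and ? wildcards.
        patterns = [p.lower() for p in _as_list(stmt.get("Action", []))]
        if any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns):
            hits.append(stmt.get("Sid", "<no Sid>"))
    return hits

def coverage_gaps(scp, required=REQUIRED_DENIES):
    """Map each goal to the required actions that no Deny statement covers."""
    gaps = {}
    for goal, actions in required.items():
        missing = [a for a in actions if not denied_by(scp, a)]
        if missing:
            gaps[goal] = missing
    return gaps

if __name__ == "__main__":
    for goal, missing in coverage_gaps(SAMPLE_SCP).items():
        print(f"GAP [{goal}]: no Deny on Resource * for {', '.join(missing)}")
```

Run against the sample, the audit reports that the wildcard `config:Stop*` leaves `config:DeleteConfigurationRecorder` uncovered and that nothing protects the S3 public access block setting.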