AWS Landing Zone with Control Tower

Created by Bolum Team

Updated: 4/8/2024

445

AWSMulti-AccountEnterprise

Set up a well-architected AWS multi-account environment.

This template implements AWS best practices for account structure, security guardrails, centralized logging, and identity management using Control Tower and Organizations.

What This Template Does

Sets up AWS Organizations structure

Configures Control Tower guardrails

Implements AWS SSO for centralized access

Creates shared services accounts

Sets up centralized CloudTrail and Config

Deploys Service Control Policies

How to Set It Up

Enable Control Tower

Set up AWS Control Tower in your management account.

Configure OUs

Create organizational units following our structure.

Deploy guardrails

Apply the SCPs and detective controls.

Set up SSO

Configure AWS SSO with your identity provider.

Vend accounts

Use Account Factory to create new workload accounts.

Tools Used

AWS Control TowerAWS OrganizationsAWS SSOCloudFormation

Related Templates

Production-Ready AWS VPC with Terraform

Multi-AZ VPC with public/private subnets, NAT gateways, and security groups.

View template

AWS Multi-Account Transit Gateway

Hub-and-spoke networking across AWS accounts.

View template

Ready to use this template?

Our team will help you customize and deploy it for your infrastructure.

Get Implementation Help Browse More Templates