This repo contains sample Service Control Policies (SCPs) and CloudFormation templates for customizing a Landing Zone in AWS Control Tower as part of the Customizations for AWS Control Tower solution by AWS.
The SCPs, CloudFormation templates, and a manifest file are bundled as a Configuration Package in a zip file for deployment to the Landing Zone in Control Tower. To deploy the Configuration Package, the zip file is uploaded to an S3 bucket created as part of the Customizations for AWS Control Tower solution. The AWS CodePipeline then deploys the SCPs and CloudFormation StackSets to the appropriate member AWS accounts.
The following diagram shows the architecture of the Customizations for AWS Control Tower solution.
- AWS CLI
- AWS Credentials (Access Key/Secret Access Key)
To build the Configuration Package, a zip file will need to be created that contains the manifest file, the policy files for SCPs, and the CloudFormation templates stored in the custom-control-tower-configuration folder in this repo.
❗ The zip file must be named custom-control-tower-configuration.zip in order to trigger the AWS CodePipeline in the Customizations for AWS Control Tower solution.
To build the zip file:
```sh
mkdir dist
# zip from inside the folder so that manifest.yaml sits at the root of the archive
(cd custom-control-tower-configuration && zip -r ../dist/custom-control-tower-configuration.zip .)
```
To deploy the Configuration Package to the Customizations for AWS Control Tower solution, the zip file will need to be copied to the custom-control-tower-configuration-${AWS::AccountId}-${AWS::Region} S3 bucket.
```sh
aws s3 cp dist/custom-control-tower-configuration.zip s3://CUSTOM_CONTROL_TOWER_CONFIGURATION_BUCKET_NAME/custom-control-tower-configuration.zip
```
GitHub Actions can be used to build the Configuration Package and deploy it to the Customizations for AWS Control Tower solution.
Set the following variables in your GitHub repo:
- Set AWS_REGION to the region where the Customizations for AWS Control Tower solution is deployed, default: us-east-1
- Set CUSTOM_CONTROL_TOWER_CONFIGURATION_BUCKET_NAME to the bucket created by the solution to store Configuration Packages, default: custom-control-tower-configuration-${AWS::AccountId}-${AWS::Region}
Set the following secrets in your GitHub repo:
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
- AWS_ACCOUNT_ID
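The build-and-deploy steps above, as one script that a GitHub Actions job can run after exporting the variables and secrets listed; this is an added example, not code from this repo or from the Customizations for AWS Control Tower solution. It assumes manifest.yaml lives directly in the custom-control-tower-configuration folder and that the aws CLI picks up credentials from the environment.

```python
import os
import subprocess
import zipfile

# The exact object name the CfCT CodePipeline source stage triggers on.
PACKAGE_NAME = "custom-control-tower-configuration.zip"


def build_package(src_dir: str, out_dir: str) -> str:
    """Zip src_dir with manifest.yaml as a root entry of the archive.

    `zip -r out.zip folder/` run from the parent nests everything under
    folder/ and the pipeline then finds no manifest, so each file is added
    with its path relative to src_dir instead."""
    if not os.path.isfile(os.path.join(src_dir, "manifest.yaml")):
        raise FileNotFoundError(f"{src_dir} has no manifest.yaml")
    os.makedirs(out_dir, exist_ok=True)
    out_path = os.path.join(out_dir, PACKAGE_NAME)
    with zipfile.ZipFile(out_path, "w", zipfile.ZIP_DEFLATED) as zf:
        for root, _dirs, files in os.walk(src_dir):
            for name in sorted(files):
                full = os.path.join(root, name)
                zf.write(full, os.path.relpath(full, src_dir))
    return out_path


def package_is_valid(zip_path: str) -> bool:
    """True when manifest.yaml is at the archive root and no entry could
    escape the extraction directory (absolute path or '..' component)."""
    with zipfile.ZipFile(zip_path) as zf:
        names = zf.namelist()
    safe = all(not n.startswith("/") and ".." not in n.split("/") for n in names)
    return "manifest.yaml" in names and safe


def deploy_command(zip_path: str, bucket: str, region: str) -> list:
    """aws CLI invocation that uploads the package under the key the pipeline
    watches; credentials are taken from the environment by the CLI."""
    return ["aws", "s3", "cp", zip_path,
            f"s3://{bucket}/{PACKAGE_NAME}", "--region", region]


if __name__ == "__main__":
    # Variable names as in this README; bucket default follows CfCT's pattern.
    region = os.environ.get("AWS_REGION", "us-east-1")
    bucket = os.environ.get("CUSTOM_CONTROL_TOWER_CONFIGURATION_BUCKET_NAME") or (
        f"custom-control-tower-configuration-{os.environ['AWS_ACCOUNT_ID']}-{region}")
    pkg = build_package("custom-control-tower-configuration", "dist")
    if not package_is_valid(pkg):
        raise SystemExit(f"{pkg} is not a valid Configuration Package")
    subprocess.run(deploy_command(pkg, bucket, region), check=True)
```

The root-entry check is what catches the common mistake of zipping the folder from its parent, which uploads fine but leaves the pipeline with nothing to deploy.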