Posted On: Nov 26, 2023

AWS Control Tower customers can now programmatically set up and manage their landing zones. Customers can discover, create, update, and reset their landing zones, as well as manage landing zone customizations, using APIs. A landing zone is a well-architected, multi-account AWS environment based on security and compliance best practices. AWS Control Tower automates the setup of a new landing zone using best-practices blueprints for identity, federated access, logging, and account structure. The landing zone APIs include AWS CloudFormation support, allowing customers to manage their landing zone with infrastructure as code (IaC).

The landing zone APIs enable customers to automate their AWS multi-account environment and adopt best practices programmatically. The APIs are available for customers who want to set up a new landing zone or use an existing landing zone. New customers can get started today by following the steps in the API Reference to create the prerequisite AWS Organization, shared accounts, and service roles. After setting up their resources, customers can create their landing zone with a single API call. Existing customers can start managing their landing zone programmatically today with existing permissions and resources. API actions include:

  • GetLandingZone/ListLandingZones - discover your landing zone configuration options
  • CreateLandingZone/UpdateLandingZone/DeleteLandingZone - manage your landing zone resources
  • ResetLandingZone - repair landing zone drift
  • GetLandingZoneOperation - monitor in-progress changes

For a full list of landing zone API calls, see the API References in the AWS Control Tower User Guide. For a full list of AWS Regions where AWS Control Tower is available, see the AWS Region Table.