Posted On: Feb 12, 2024

AWS Control Tower Account Factory for Terraform (AFT) now allows you to customize the resources deployed and recorded by AFT. You can now choose whether or not to deploy AFT using a virtual private cloud (VPC). You can also customize the retention periods for AWS Backup recovery points, Amazon Cloudwatch log groups, and Amazon S3 log archive buckets to meet your unique data retention needs. This release includes enhancements to AFT VPC default security group to align with AWS Foundational Security Best Practices.

Account Factory for Terraform (AFT) sets up a Terraform pipeline to help you provision and customize accounts in AWS Control Tower. To learn more, visit the Account Factory for Terraform page in the AWS Control Tower User Guide or review the release notes on the AFT Github page. AFT is supported in all commercial regions with some exceptions. See the list of AFT Region limitations here and AWS GovCloud (US) Region limitations here.