AWS Architecture Blog
Category: AWS Control Tower
Running hybrid Active Directory service with AWS Managed Microsoft Active Directory
Enterprise customers often need to architect a hybrid Active Directory solution to support running applications in the existing on-premises corporate data centers and AWS cloud. There are many reasons for this, such as maintaining the integration with on-premises legacy applications, keeping control of infrastructure resources, and meeting specific industry compliance requirements. To extend […]
Deploy consistent DNS with AWS Service Catalog and AWS Control Tower customizations
Many organizations need to connect their on-premises data centers, remote sites, and cloud resources. A hybrid connectivity approach connects these different environments. Customers with a hybrid connectivity network need additional infrastructure and configuration for private DNS resolution to work consistently across the network. It is a challenge to build this type of DNS infrastructure for […]
Field Notes: Clear Unused AWS SSO Mappings Automatically During AWS Control Tower Upgrades
Increasingly, organizations are using AWS Control Tower to manage their multiple accounts as well as an external third-party identity source for their federation needs. Cloud architects who use these external identity sources needed an automated way to clear the unused maps created by AWS Control Tower landing zone as part of the launch, or during […]
Field Notes: Extending the Baseline in AWS Control Tower to Accelerate the Transition from AWS Landing Zone
Customers who adopt and operate the AWS Landing Zone solution as a scalable multi-account environment are starting to migrate to the AWS Control Tower service. They are doing so to enjoy the added benefits of managed services such as stability, feature enhancement, and operational efficiency. Customers who fully use the baseline for governance control provided […]
Field Notes: Perform Automations in Ungoverned Regions During Account Launch Using AWS Control Tower Lifecycle Events
This post was co-authored by Amit Kumar, Partner Solutions Architect at AWS; Pavan Kumar Alladi, Senior Cloud Architect at Tech Mahindra; and Thooyavan Arumugam, Senior Cloud Architect at Tech Mahindra. Organizations use AWS Control Tower to set up and govern secure, multi-account AWS environments. Frequently, enterprises with a global presence want to use AWS Control […]
Journey to Adopt Cloud-Native Architecture Series: #4 – Governing Security at Scale and IAM Baselining
In Part 3 of this series, Improved Resiliency and Standardized Observability, we talked about design patterns that you can adopt to improve resiliency, achieve minimum business continuity, and scale applications with lengthy transactions (more than 3 minutes). As a refresher from previous blogs in this series, our example ecommerce company’s “Shoppers” application runs in the cloud. […]
Designing a Successful Pilot Phase for Your Cloud Migration
Pilot phases, or pilots, as we will call them from now on, should be conducted to test and find the positive and negative aspects of a particular use case, design pattern, or application migration approach. They allow you to validate the foundation of your architecture (for example, with a landing zone governed by AWS Control […]
Issues to Avoid When Implementing Serverless Architecture with AWS Lambda
There are lots of articles and advice on using AWS Lambda. I’d like to show you how to avoid some common issues so you can build the most effective architecture. Technologies emerge and become outdated quickly. So, solutions that may look like the right solution, otherwise known as anti-patterns, can prevent you from building a cost-optimized, […]
Fast and Secure Account Governance with Customizations for AWS Control Tower
Organizations around the world value a secure, well-architected, AWS environment that provides a strong foundation for their cloud operations. They seek a multi-account strategy that delivers operational excellence, security, reliability, performance, and cost optimization of their AWS resources now and into the future. AWS Control Tower delivers on this multi-account strategy by orchestrating various AWS […]
Field Notes: AWS Control Tower Governance on Selected Regions and Improved Account Provisioning
Co-written by Kalyan Ghatak, Senior Technical Product Manager, and Kishore Vinjam, Partner Solutions Architect at AWS. AWS Control Tower is available in 13 AWS Regions today. As we continue to expand to additional Regions, customers have asked to provide the ability to choose the Regions that AWS Control Tower manages. By only selecting the actively […]