AWS Architecture Blog

Category: AWS Control Tower

Azure AD Reference Architecture

Field Notes: Automate SAML 2.0 Federation using AWS Control Tower and Azure Active Directory

Some AWS Control Tower customers have adopted Azure Active Directory as their Identity Provider (IdP) and wish to keep authentication and authorization within the IdP. When setting up federation from Azure Active Directory a tutorial is often consulted which describes how to integrate Azure AD single sign-on with AWS. The tutorial uses an IAM user […]

Read More
ArchitectureOverview-1024x369

Field Notes: Enabling Guardrails in New AWS Regions the AWS Control Tower Supports

Originally published March 2020 to the Field Notes blog, and updated in January 2021, to highlight that AWS Control Tower supports the updating of enrolled accounts from the dashboard. Follow the instructions from Update existing OUs and accounts in addition to this blog. For the first time since the launch of AWS Control Tower, we […]

Read More
AWS Control Tower Management account screenshot

Field Notes: Enroll Existing AWS Accounts into AWS Control Tower

Originally published 21 April 2020 to the Field Notes blog, and updated in August 2020 with new prechecks to the account enrollment script. Last updated April 8, 2021 to reflect changes in the AWS Organizations service.  Since the launch of AWS Control Tower, customers have been asking for the ability to deploy AWS Control Tower […]

Read More
Sample post-merger AWS environment

Mergers and Acquisitions Readiness with the Well-Architected Framework

Companies looking for an acquisition or a successful exit through a merger, undergo a technical assessment as part of the due diligence process. While being a profitable business by itself can attract interest, running a disciplined IT department within your organization can make the acquisition more valuable. As an entity operating cloud workloads on AWS, […]

Read More
Route 53 PHZs and Resolver Endpoints

Using Route 53 Private Hosted Zones for Cross-account Multi-region Architectures

This post was co-written by Anandprasanna Gaitonde, AWS Solutions Architect and John Bickle, Senior Technical Account Manager, AWS Enterprise Support Introduction Many AWS customers have internal business applications spread over multiple AWS accounts and on-premises to support different business units. In such environments, you may find a consistent view of DNS records and domain names […]

Read More
Figure 1 Deployment to new account

Field Notes: Customizing the AWS Control Tower Account Factory with AWS Service Catalog

Many AWS customers who are managing hundreds or thousands of accounts know how complex and time consuming this process can be. To reduce the burden and simplify the process of creating new accounts, last year AWS released a new service, AWS Control Tower. AWS Control Tower helps you automate the process of setting up a […]

Read More
Install OpenShift Container Platform 4

Architecture Patterns for Red Hat OpenShift on AWS

Editor’s note: Although this blog post and its accompanying code make use of the word “Master,” Red Hat is making open source code more inclusive by eradicating “problematic language.” Read more about this. Introduction Red Hat OpenShift is an application platform that provides customers with turnkey application platform that is much more than a simple […]

Read More
microservices deployed across multiple VPCs use privately exposed endpoints

Using VPC Sharing for a Cost-Effective Multi-Account Microservice Architecture

Introduction Many cloud-native organizations building modern applications have adopted a microservice architecture because of its flexibility, performance, and scalability. Even customers with legacy and monolithic application stacks are embarking on an application modernization journey and opting for this type of architecture. A microservice architecture allows applications to be composed of several loosely coupled discreet services […]

Read More