AWS Architecture Blog
Category: AWS Control Tower
Field Notes: AWS Control Tower Governance on Selected Regions and Improved Account Provisioning
Co-written by Kalyan Ghatak, Senior Technical Product Manager and Kishore Vinjam, Partner Solutions Architect at AWS. AWS Control Tower is available in 13 AWS Regions today. As we continue to expand to additional Regions, customers have asked to provide the ability to choose the Regions that AWS Control Tower manages. By only selecting the actively […]
Field Notes: Automate SAML 2.0 Federation using AWS Control Tower and Azure Active Directory
Some AWS Control Tower customers have adopted Azure Active Directory as their Identity Provider (IdP) and wish to keep authentication and authorization within the IdP. When setting up federation from Azure Active Directory, a tutorial is often consulted which describes how to integrate Azure AD single sign-on with AWS. The tutorial uses an IAM user […]
Field Notes: Enabling Guardrails in New AWS Regions the AWS Control Tower Supports
Originally published March 2020 to the Field Notes blog, and updated in January 2021, to highlight that AWS Control Tower supports the updating of enrolled accounts from the dashboard. Follow the instructions from Update existing OUs and accounts in addition to this blog. For the first time since the launch of AWS Control Tower, we […]
Field Notes: Enroll Existing AWS Accounts into AWS Control Tower
Originally published on April 21, 2020 to the Field Notes blog and updated in August 2020 with new prechecks to the account enrollment script. Updated April 8, 2021 to reflect changes in the AWS Organizations service. Last updated September 29, 2022: you can now enroll an existing account or register an organizational unit from the […]
Mergers and Acquisitions Readiness with the Well-Architected Framework
Companies looking for an acquisition or a successful exit through a merger undergo a technical assessment as part of the due diligence process. While being a profitable business by itself can attract interest, running a disciplined IT department within your organization can make the acquisition more valuable. As an entity operating cloud workloads on AWS, […]
Using Route 53 Private Hosted Zones for Cross-account Multi-region Architectures
This post was co-written by Anandprasanna Gaitonde, AWS Solutions Architect and John Bickle, Senior Technical Account Manager, AWS Enterprise Support. Introduction: Many AWS customers have internal business applications spread over multiple AWS accounts and on-premises to support different business units. In such environments, you may find a consistent view of DNS records and domain names […]
Field Notes: Customizing the AWS Control Tower Account Factory with AWS Service Catalog
Many AWS customers who are managing hundreds or thousands of accounts know how complex and time consuming this process can be. To reduce the burden and simplify the process of creating new accounts, last year AWS released a new service, AWS Control Tower. AWS Control Tower helps you automate the process of setting up a […]
Architecture Patterns for Red Hat OpenShift on AWS
Editor’s note: Although this blog post and its accompanying code make use of the word “Master,” Red Hat is making open source code more inclusive by eradicating “problematic language.” Read more about this. Introduction: Red Hat OpenShift is an application platform that provides customers with a turnkey application platform that is much more than a simple […]
Using VPC Sharing for a Cost-Effective Multi-Account Microservice Architecture
Introduction: Many cloud-native organizations building modern applications have adopted a microservice architecture because of its flexibility, performance, and scalability. Even customers with legacy and monolithic application stacks are embarking on an application modernization journey and opting for this type of architecture. A microservice architecture allows applications to be composed of several loosely coupled discrete services […]