AWS Cloud Operations & Migrations Blog

Category: Resource Access Manager (RAM)

The latest from AWS Organizations (Fall 2021)

AWS Organizations provides features that customers can utilize to manage their AWS environment across accounts. When paired with other AWS services, AWS Organizations helps you manage permissions, create and share resources, govern your environment, and centrally control your security requirements. Here’s what our team has been up to since Spring 2021. Programmatically manage alternate contacts […]

Read More
Migrating custom Landing Zone with RAM to AWS Control Tower

Migrating custom Landing Zone with RAM to AWS Control Tower

The AWS Landing Zone is a solution that helps customers accelerate the setting up of a secure, multi-account AWS environment based on AWS best practices. In June 2019, AWS launched AWS Control Tower. AWS Control Tower is a managed AWS service that automates the creation of a multi-account AWS environment based upon the AWS Well-Architected […]

Read More
Managing the multi-account environment using AWS Organizations and AWS Control Tower

Managing the multi-account environment using AWS Organizations and AWS Control Tower

This is the third post in our series about multi-account management. In the first post, Governance, risk, and compliance when establishing your cloud presence, we focus on design considerations for managing in a cloud environment. Our second post, Best Practices for Organizational Units with AWS Organizations, provides guidance for a production-ready organizational unit (OU) structure when creating […]

Read More

Self-service VPCs in AWS Control Tower using AWS Service Catalog

One of the first tasks my customers do when creating a new AWS account is to create the right network integration for their enterprise. Typically, this means implementing an Amazon Virtual Private Cloud (VPC) across a multi-account framework that was provisioned with AWS Control Tower. When these are provisioned in a self-service model, we see […]

Read More
Customizing account configuration with AWS Control Tower lifecycle events

Customizing account configuration with AWS Control Tower lifecycle events

In this blog post, we show how to customize the networking configuration in an AWS account. For example by deleting the default VPCs in all AWS Regions, using AWS Resource Access Manager to share the appropriate VPC subnets and using AWS Firewall Manager to apply security groups to VPCs in the account.

Read More