Questions tagged [aws-landing-zone]

AWS Landing Zone is a solution that helps customers more quickly set up a secure, multi-account AWS environment based on AWS best practices.

This solution can help save time by automating the set-up of an environment for running secure and scalable workloads while implementing an initial security baseline through the creation of core accounts and resources. It also provides a baseline environment to get started with a multi-account architecture, identity and access management, governance, data security, network design, and logging.

Ref: https://aws.amazon.com/answers/aws-landing-zone/

18 questions
3 votes, 3 answers

AWS Landing Zone - access to core accounts?

How can I access the AWS Landing Zone core accounts after creating an AWS Landing Zone? This is what I have done so far: Deploy the AWS Landing Zone based on the AWS Landing Zone initiation template Let the CodePipeline execute the…
matsev
1 vote, 0 answers

Does AWS Athena partition projection support more than one `storage.location.template`?

AWS ControlTower managed CloudTrail created account-trail-logs which used /org id/AWSLogs/… log path in S3 bucket, until Landing Zone 3.0 update which replaced it with organization-trail logs whose new log path is /org id/AWSLogs/org…
1 vote, 2 answers

Microsoft Azure - Multi tenant architecture and landing zones

I am new to Microsoft Azure, so it might be a very naive question. At what level are landing zones created? Are they created at the resource group level, subscription level, tenant level or any other level? Also, in a multi-tenant architecture,…
Atrey
1 vote, 1 answer

AWS landing zone home region and resource restrictions

My current understanding is that if I were to set up a Multi Account Landing Zone (MALZ) in one region, say for example Ireland, I will still be able to have accounts that can contain resources in other regions (US, Frankfurt et al.) assuming…
IT_novice
1 vote, 2 answers

Move AWS account to another AWS Organization

I have an AWS Landing Zone setup with Networking, Logging, Security, and a number of Custom AWS accounts. All of the ingress/egress connectivity is going through the Networking account. I want to set up a completely new Landing Zone (AWS…
1 vote, 2 answers

Setting up individual developer accounts in AWS Landing zone setup

At the bottom left corner, it says Developer accounts, which is in addition to the Product accounts that we have, i.e. Sandbox/dev/test/prod/tools. Is it recommended to have individual developer accounts? How to set up individual developer accounts…
1 vote, 3 answers

New Account Creation Error from AWS Control Tower

I'm getting an error to enroll account into control tower, though my colleague is able to enroll new account with the same permission. Error Details:- An unknown error occurred. Try again later, or contact AWS Support. No launch paths found for…
pooja singh
1 vote, 1 answer

AWS Landing Zone - Rollback complete codepipeline after error occurred post core account creation

I've tried to setup my AWS organization using AWS Landing Zone. This is what I have done :- Deploy the AWS Landing Zone based on the AWS Landing Zone initiation template Execute CodePipeline created by initiation template Core accounts were created…
Geeky Ninja
0 votes, 1 answer

Control Tower Failing to Re-Register OU and even Account Enrollment

I'm trying to add a new account (created using account factory) in an existing OU but the enrollment is failing repeatedly. We're getting this error: "AWS Control Tower could not enroll your account for the following reason: AWS Control Tower setup…
0 votes, 0 answers

Implement AWS Cost allocation tags via Account factory for terraform(AFT) or Landing zone accelerator(LZA)

I manage AWS accounts with AWS Control Tower, Account Factory for Terraform and Landing Zone Accelerator. My question is: is there any way to implement cost allocation tags with AFT or LZA? I didn't find any document or resources in AWS…
0 votes, 0 answers

upload a file from aws lambda to aws s3 -without using aws-sdk

I want to perform some lambda function to upload files to s3. I found that using aws-sdk takes too much space for me, so I try to upload with pure Node without any library that is not built in. This is the code that runs on the AWS Lambda function: //My…
Bennyh961
0 votes, 0 answers

AWS - Customizations for AWS Control Tower (CfCT) for Existing Control Tower

We have configured an AWS Control Tower manually (last year) and now we want to have customization using CfCT. I am just wondering if there will be any impact on my current AWS accounts if I run the CfCT(default stack) considering I have production…
0 votes, 3 answers

Can you create AWS accounts from member accounts?

I am creating an AWS organization and some member accounts within their own OUs (organizational Unit). Is there a way to create new accounts in the OUs from the member accounts or is the only way to create new accounts from within the Management…
0 votes, 1 answer

How to enroll aws accounts under AWS Organizations into a Control Tower created OU

I want to enroll 2 AWS accounts which are created in an AWS organization under, let's say, Root Account 1 into the Organization Units created by Control Tower in Root Account 2. The main problem here is that the two root accounts are totally different…
0 votes, 1 answer

AWS Control Tower failed to set up your landing zone completely: ... because the log group already exists

I am trying to setup a new landing zone with the AWS Control Tower but I get stuck at the same step even after multiple attempts. AWS Control Tower failed to set up your landing zone completely: AWS Control Tower cannot create log…