AWS Control Tower SSO Overview

aws

Uploaded by

Tran Minh Long

Secure Landing Zone with Control Tower and AFT

Section 3 – AWS Organizations


Organization's problem


Organization tools

- AWS Organizations
  helps to centrally manage and govern your environment as you scale your AWS resources

- AWS Resource Access Manager
  helps you securely share your resources across AWS accounts

- AWS Control Tower
  provides you with a single location to set up a well-architected multi-account environment to govern your AWS workloads



Organization structure

Managing organizational units (OUs) - an OU is a logical grouping of accounts in your organization

Service control policies (SCPs) - are a type of organization policy that you can use to manage permissions in your organization

AWS account – is a container for your AWS resources


4 – including the ROOT SCP policies (if they exist)



Summary
AWS Organizations – is an account management service that lets you consolidate multiple AWS accounts into an organization

Managing organizational unit (OU) - is a logical grouping of accounts in your organization

Service Control Policies (SCPs) - are permission policies within organizational accounts
! SCP never grants permissions

AWS Resource Access Manager (RAM) - is a service that enables you to easily and securely share AWS resources with any AWS account or within your AWS Organization

AWS Control Tower - is a service that enables you to enforce and manage governance rules for security, operations, and compliance at scale across all your organizations and accounts in the AWS Cloud
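
The summary's rule that an SCP never grants permissions, worked through as an added example (not part of the original slides): an action succeeds only if the identity's own IAM policy grants it and the SCPs at every level from the root down to the account allow it. The hierarchy, the policy contents and the function names are constructed for illustration, and the model is simplified to `Effect` and `Action` only (no `Resource`, `Condition` or `NotAction`).

```python
from fnmatch import fnmatchcase

def matches(patterns, action):
    """True if the action matches any pattern (IAM-style '*' wildcards, case-insensitive)."""
    if isinstance(patterns, str):
        patterns = [patterns]
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)

def level_verdict(scps, action):
    """Verdict of all SCPs attached at one level (root, one OU, or the account)."""
    statements = [s for scp in scps for s in scp["Statement"]]
    if any(s["Effect"] == "Deny" and matches(s["Action"], action) for s in statements):
        return "deny"            # an explicit deny always wins
    if any(s["Effect"] == "Allow" and matches(s["Action"], action) for s in statements):
        return "allow"
    return "implicit-deny"       # nothing at this level allows the action

def scp_permits(path, action):
    """path lists the SCPs at each level, ordered from the root down to the account."""
    return all(level_verdict(level, action) == "allow" for level in path)

def is_allowed(path, iam_actions, action):
    """SCPs only filter: the identity's own IAM policy must still grant the action."""
    return matches(iam_actions, action) and scp_permits(path, action)

# Constructed sample hierarchy: root -> "Workloads" OU -> member account.
FULL_ACCESS = {"Statement": [{"Effect": "Allow", "Action": "*"}]}
PROTECT_TRAIL = {"Statement": [{"Effect": "Deny",
                                "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail"]}]}
ACCOUNT_ALLOW_LIST = {"Statement": [{"Effect": "Allow",
                                     "Action": ["s3:*", "ec2:*", "cloudtrail:*"]}]}
PATH = [[FULL_ACCESS], [FULL_ACCESS, PROTECT_TRAIL], [ACCOUNT_ALLOW_LIST]]

if __name__ == "__main__":
    admin = ["*"]  # constructed identity with an administrator-style IAM policy
    for action in ("s3:GetObject", "cloudtrail:StopLogging", "iam:CreateUser"):
        print(action, is_allowed(PATH, admin, action))
    print("s3:GetObject with EC2-only IAM policy:",
          is_allowed(PATH, ["ec2:Describe*"], "s3:GetObject"))
```

Even with an administrator IAM policy, the OU-level deny blocks `cloudtrail:StopLogging` and the account-level allow list blocks `iam:CreateUser`; with an EC2-only IAM policy, the SCPs' `s3:*` allowance grants nothing.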
