README
¶
AWS Control Tower Landing Zone Module
This Pulumi module provides a reusable implementation for setting up AWS Control Tower Landing Zone and AWS Organizations with best practices.
Features
- AWS Organization creation and configuration
- Control Tower Landing Zone setup
- Multi-level OU structure support
- Automated account creation and registration
- Custom KMS key integration
- Resource tagging
- SSM Parameter Store integration for OU structure sharing
Prerequisites
- Pulumi CLI installed
- Go 1.16 or later
- AWS CLI configured
- Required AWS permissions
Usage
package main
import (
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
"yourorg/aws-controltower-module/internal/config"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
// Configuration example
cfg := config.DefaultConfig
cfg.OrganizationUnits = map[string]*config.OUConfig{
"Workloads": {
Name: "Workloads",
Children: map[string]*config.OUConfig{
"Development": {Name: "Development"},
"Production": {Name: "Production"},
},
},
}
// ... implementation ...
return nil
})
}
Configuration
The module supports the following configuration options:
| Parameter | Description | Default |
|---|---|---|
| GovernedRegions | Regions managed by Control Tower | ["us-east-1", "us-west-2"] |
| DefaultOUName | Name for the default OU | "Sandbox" |
| LogRetentionDays | CloudTrail log retention period | 60 |
| KMSKeyAlias | Alias for the Control Tower KMS key | "alias/controltower-key" |
Best Practices
- Always use tags for resource management
- Implement least privilege access
- Use multi-region deployment where necessary
- Regular backup and monitoring
- Follow AWS Well-Architected Framework guidelines
License
MIT
Documentation
¶
Overview ¶
Package main provides the entry point for the AWS Organization and Control Tower configuration tool. Version: 1.0.0
Source Files
Directories
¶
| Path | Synopsis |
|---|---|
|
examples
|
|
|
internal
|
|
|
accounts
Package accounts provides functionality for managing AWS Organization accounts.
|
Package accounts provides functionality for managing AWS Organization accounts. |
|
config
Package config provides configuration types and validation for AWS Organization and Control Tower setup.
|
Package config provides configuration types and validation for AWS Organization and Control Tower setup. |
|
controltower
Package controltower provides functionality for managing AWS Control Tower landing zones.
|
Package controltower provides functionality for managing AWS Control Tower landing zones. |
|
logging
Package logging provides centralized logging functionality for the application.
|
Package logging provides centralized logging functionality for the application. |
|
metrics
Package metrics provides metrics collection and monitoring functionality.
|
Package metrics provides metrics collection and monitoring functionality. |
|
organization
Package organization provides functionality for managing AWS Organizations.
|
Package organization provides functionality for managing AWS Organizations. |
|
state
Package state provides state management functionality for AWS Organization configuration.
|
Package state provides state management functionality for AWS Organization configuration. |
Click to show internal directories.
Click to hide internal directories.