When we at Silvr begin a cloud migration project, one of the first things we do is lay down the foundation of the customers cloud account structure. This step is critical because misconfiguring the account structure can lead to cost center billing issues and more importantly, security and compliance issues for a customer later on. Depending on the customer and their needs, the cloud environment may be a fairly straightforward single account environment or the environment may need to be configured with multiple accounts to facilitate cost management and RBAC separation of duties between different business units.
When we are working with a customer migrating to AWS, a tool that we utilize to facilitate a multi account cloud environment that follows best practices is AWS Control Tower. AWS Control Tower is a service that builds on top of AWS Organizations , it provides a set of pre-configured best practices for multi-account management. You can use Control Tower to set up a landing zone, which is a secure and scalable environment for your AWS accounts. Control Tower also offers guardrails, which are high-level rules that govern your landing zone. Guardrails can be preventive or detective, meaning they can either block actions that violate the rules or alert you when they happen.
By using AWS Organizations and Control Tower together, you can benefit from several advantages:
- You can save time and effort by automating the creation and management of your AWS accounts.
- You can improve your security and compliance posture by applying consistent policies and guardrails across your accounts.
- You can monitor and audit your account activity and configuration using the dashboard and reports provided by Control Tower.
- You can easily scale your landing zone as your organization grows and changes.
We automate all of the solutions above using Terraform. This means that we have a repeatable and reliable solution that lays out the foundation of a proper cloud account structure that meets corporate standards, meets regulatory requirements, and follows best practices.
