When you deploy an AWS Organization using Control Tower, an AWSSSO IdP is created in every account. Its name ends with DO_NOT_DELETE. What happens if you delete it? Background I recently had someone reach out to me asking what happens if the auto-created AWS SSO IdP Provider that integrates with IAM Identity Center in Control … Continue reading You deleted the “DO_NOT_DELETE” IdP?
Tag: control tower
AWS Landing Zone Accelerator Features: Beyond Control Tower
My previous post detailed the process to install AWS Landing Zone Accelerator (LZA) within an existing Control Tower environment. While the process wasn't trivial or all that well documented, it did result in a successfully deployed LZA. What are the benefits that LZA provides out of the box beyond a basic Control Tower deployment? Using … Continue reading AWS Landing Zone Accelerator Features: Beyond Control Tower
Deploying AWS LZA with pre-existing Control Tower
Multi-account landing zones have been the de facto standard for how to architect environments from a governance and compliance standpoint in AWS. Control Tower is an AWS service that was released in 2019, enabling customers to quickly and easily deploy the framework for a well-architected landing zone. More recently, AWS released Landing Zone Accelerator (LZA), … Continue reading Deploying AWS LZA with pre-existing Control Tower
AWS Control Tower Grows Up
A little while back I wrote a blog series on AWS Multi-Account architectures and ways to deploy them. My post on Control Tower came during the relative infancy of the service. Since then, Control Tower has benefited from a number of updates, including some very recent ones that mark a fairly large leap in service … Continue reading AWS Control Tower Grows Up
AWS Multi-Account Architecture Part 3 – AWS Control Tower
Part 2 of this series introduced AWS Landing Zone and how that solution gives customers a well-architected multi-account structure within AWS. Like many other architectures available in the cloud, AWS Landing Zone makes use of a multitude of AWS services and deploys them via infrastructure as code and other DevOps tools to provide an … Continue reading AWS Multi-Account Architecture Part 3 – AWS Control Tower
AWS Control Tower gets an update
This post is jumping the gun a little bit in that I'm planning to do a short blog series about AWS Organizations and landing zones in the near future. As I'm ramping up to start that series, I wanted to pass along something I didn't see until digging around a bit recently, which is a … Continue reading AWS Control Tower gets an update