AWS Managed Services Onboarding Introduction - AMS Advanced Onboarding Guide

AWS Managed Services Onboarding Introduction

Welcome to AWS Managed Services (AMS). The purpose of this document is to provide information about, and assistance with, the AMS onboarding process, including details about setting up a new account for AMS, setting up networking and access to AMS, and validating your onboarding setup.

This document is intended for IT administrators tasked with preparing for and carrying out the tasks required to onboard the AMS service to a new AWS account. Onboarding the AMS service requires special privileges to set up Active Directory trusts and complete other networking-level tasks.


This guide is divided into two parts after this introduction: One for multi-account landing zone accounts and one for single-account landing zone accounts. The onboarding is quite different for the two, please go next to the section of the guide that applies to your situation.

Learning about AMS

To understand AMS better, refer to these AMS User Guide sections:

  • What Is AWS Managed Services introduces the AMS service and describes the key features, operations, and interfaces as well as a typical AMS-managed network architecture. This chapter also provides information on access management including how to access your AMS-managed resources and using bastions.

  • Key Terms provides definitions and explanations for AMS terminology.

  • Understanding AMS Defaults provides the default values AMS uses, including the defaults for basic environment components, IAM and EC2, proxies, monitored metrics, logging, endpoint security (EPS), backups, and patching.

  • Change Management provides details on how requests for change (RFCs) and change types (CTs) work and includes examples of using AMS RFCs.

  • Several additional chapters cover accessing the AWS console, the AMS CLI, using the AMS change management system, the AMS SKMS, security, service requests, incidents, monitoring, logs, EPS, backups, and patch management.

To learn more about AMS multi-account landing zone architecture, see Multi-Account Landing Zone network architecture

To learn more about AMS single-account landing zone architecture, see Single-Account Landing Zone network architecture