Deployment Considerations - Customizations for AWS Control Tower

Deployment Considerations

Customizations for AWS Control Tower Initial Deployment

The solution must be launched in the same region and account where the AWS Control Tower landing zone is deployed. By default, this solution creates and runs the custom configuration package through a configuration pipeline.

Configuration Source

By default, the template creates an Amazon Simple Storage Service (Amazon S3) bucket to store the sample configuration package as a zip file named _custom-control-tower-configuration.zip. The S3 bucket is version controlled and you can update the configuration package as needed. For information about updating the configuration package, refer to Appendix A.

Note

The sample configuration package filename begins with an underscore (_) so that AWS CodePipeline is not automatically triggered. When you have completed the customization of the configuration package, ensure you upload the custom-control-tower-configuration.zip without the underscore (_) in order to trigger the deployment in AWS CodePipeline.

You can change the storage location of the configuration package from the S3 bucket to an AWS CodeCommit Git repository by selecting the AWS CodeCommit option in the AWS CloudFormation parameter. This option enables you to easily manage version control.

Note

When using the default S3 bucket, the configuration package should be available as a zip file. When using the AWS CodeCommit repository, the configuration package should be placed in the repository without zipping the files. For information about creating and storing the configuration package in AWS CodeCommit, refer to the Customizations for AWS Control Tower Developer Guide.

You can use the sample configuration package to create your own custom configuration source. When you are ready to deploy your custom configurations, manually upload the configuration package to either the S3 bucket or the AWS CodeCommit repository. The pipeline is automatically triggered when the configuration file is uploaded.
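An added example, not part of the AWS solution: a pre-upload check for the packaging rules above (a zip named without the leading underscore for S3, unzipped files for CodeCommit). The manifest.yaml file name and the check_package and build_sample helpers are assumptions of this example.

```python
import tempfile
import zipfile
from pathlib import Path

TRIGGER_KEY = "custom-control-tower-configuration.zip"  # name given on this page
SAMPLE_KEY = "_" + TRIGGER_KEY       # sample name, does not start the pipeline
MANIFEST = "manifest.yaml"           # assumption: manifest file at package root

def check_package(path, source="s3"):
    """Return the problems that would keep this package from deploying."""
    path, problems = Path(path), []
    if source == "codecommit":
        # The repository holds the files themselves, not an archive.
        if path.is_file() and zipfile.is_zipfile(path):
            problems.append("CodeCommit source must be unzipped files")
        elif not (path / MANIFEST).is_file():
            problems.append(f"{MANIFEST} not found at repository root")
        return problems
    if path.name == SAMPLE_KEY:
        problems.append("leading underscore: CodePipeline is not triggered")
    elif path.name != TRIGGER_KEY:
        problems.append(f"expected file name {TRIGGER_KEY}")
    if not (path.is_file() and zipfile.is_zipfile(path)):
        problems.append("S3 source must be a zip file")
        return problems
    with zipfile.ZipFile(path) as zf:
        # Zipping the parent folder nests the manifest one level down.
        if MANIFEST not in zf.namelist():
            problems.append(f"{MANIFEST} not at the root of the zip")
    return problems

def build_sample(folder, name, members):
    """Create a constructed sample zip (empty files) for the demo."""
    folder = Path(folder)
    folder.mkdir(parents=True, exist_ok=True)
    with zipfile.ZipFile(folder / name, "w") as zf:
        for member in members:
            zf.writestr(member, "")
    return folder / name

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        samples = [
            build_sample(f"{tmp}/ok", TRIGGER_KEY, [MANIFEST]),
            build_sample(f"{tmp}/sample", SAMPLE_KEY, [MANIFEST]),
            build_sample(f"{tmp}/nested", TRIGGER_KEY, ["pkg/" + MANIFEST]),
        ]
        for sample in samples:
            print(sample.parent.name, check_package(sample) or "ready to upload")
```

An empty result means the package satisfies the checks this example covers; it does not validate the manifest contents.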

Pipeline Configuration Parameters

The AWS CloudFormation template provides the option to manually approve the deployment of configuration changes. By default, manual approval is disabled. For more information, refer to Step 1. Launch the Stack.

When enabled, the configuration pipeline validates the customizations made to the AWS Control Tower file manifest and templates, then pauses the process until manual approval is granted. Once manual approval is received, the deployment executes the remaining pipeline stages that are needed to implement the Customizations for AWS Control Tower solution.

These parameters can be used to keep the customizations for the AWS Control Tower configuration from executing by rejecting the first attempt to run through the pipeline. They can also be used for manual validation of customizations for the AWS Control Tower configuration changes as a final control before implementation.

Customizations for AWS Control Tower Update

If you have previously deployed the solution, you must update the solution's CloudFormation stack to get the latest version of the solution's framework. For details, refer to Update the Stack.