Overview

Amazon Web Services (AWS) offers a diverse array of services and features that allow for flexible control of AWS cloud computing resources and the associated AWS account(s) that manage them. Given the large number of design choices available, the manual process of setting up and configuring a multi-account AWS environment can be a time-consuming task. AWS Control Tower helps customers set up a landing zone in their AWS accounts based on best practices for ongoing governance over AWS workloads. Before deploying this solution, customers must have an AWS Control Tower landing zone deployed in their account.

The Customizations for AWS Control Tower solution combines AWS Control Tower and other highly-available, trusted AWS services to help customers more quickly set up a secure, multi-account AWS environment using AWS best practices. This solution enables customers to easily add customizations to their AWS Control Tower landing zone using an AWS CloudFormation template and service control policies (SCPs). You can deploy the custom template and policies to individual accounts and organizational units (OUs) within your organization. This solution integrates with AWS Control Tower lifecycle events to ensure that resource deployments stay in sync with the customer's landing zone. For example, when a new account is created using the AWS Control Tower account factory, the solution ensures that all resources attached to the account's OUs will be automatically deployed.

Cost

You are responsible for the cost of the AWS services used while running this solution. As of the date of publication, the cost for running this solution depends on the number of AWS CodePipeline executions, the duration of AWS CodeBuild runs, the number and duration of AWS Lambda functions, and the number of Amazon EventBridge events published. For example, if you execute 100 builds in one month using build.general1.small where each build runs for five minutes, then the approximate cost for running this solution is $3.00 per month. For full details, see the pricing webpage for each AWS service you will be using in this solution.

The Amazon Simple Storage Service (Amazon S3) bucket and AWS CodeCommit Git-based repository resources are retained after the solution template is deleted to protect the customer configuration. Depending on the option selected, you are charged based on the amount of data stored in the S3 bucket and the number of Git requests (not applicable to Amazon S3 resource). Refer to Amazon S3 and AWS CodeCommit pricing for details.

Warning Javascript is disabled or is unavailable in your browser.

To use the AWS Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Home

Architecture