Create a new landing zone using AWS CloudFormation - AWS Control Tower

This page is a machine-translated version. If this translation and the English original differ, the English original prevails.

Create a new landing zone using AWS CloudFormation

From the AWS CloudFormation console or with the AWS CLI, deploy the following AWS CloudFormation template to create a landing zone. The template declares an `AWS::ControlTower::LandingZone` resource whose `Manifest` is assembled from stack parameters: the governed regions, the names of the Security and Sandbox organizational units, the account IDs of the centralized logging (Log Archive) and security (Audit) accounts, the retention periods of the two logging buckets, and the ARN of the KMS key that CloudTrail and AWS Config use to encrypt data in the logging bucket. Deploy the stack from the organization's management account, and supply the governed regions as a comma-separated value when passing the parameter on the CLI.

```yaml
Parameters:
  Version:
    Type: String
    Description: The version number of Landing Zone
  GovernedRegions:
    # CloudFormation has no parameter type named "List"; CommaDelimitedList is the
    # standard list type and is supplied as a comma-separated string (us-east-1,us-west-2).
    Type: CommaDelimitedList
    Description: List of governed regions
  SecurityOuName:
    Type: String
    Description: The security Organizational Unit name
  SandboxOuName:
    Type: String
    Description: The sandbox Organizational Unit name
  CentralizedLoggingAccountId:
    Type: String
    Description: The AWS account ID for centralized logging
  SecurityAccountId:
    Type: String
    Description: The AWS account ID for security roles
  LoggingBucketRetentionPeriod:
    Type: Number
    Description: Retention period for centralized logging bucket
  AccessLoggingBucketRetentionPeriod:
    Type: Number
    Description: Retention period for access logging bucket
  KMSKey:
    Type: String
    Description: KMS key ARN used by CloudTrail and Config service to encrypt data in logging bucket
Resources:
  MyLandingZone:
    Type: 'AWS::ControlTower::LandingZone'
    Properties:
      Version:
        Ref: Version
      Tags:
        - Key: "keyname1"
          Value: "value1"
        - Key: "keyname2"
          Value: "value2"
      Manifest:
        governedRegions:
          Ref: GovernedRegions
        organizationStructure:
          security:
            name:
              Ref: SecurityOuName
          sandbox:
            name:
              Ref: SandboxOuName
        centralizedLogging:
          accountId:
            Ref: CentralizedLoggingAccountId
          configurations:
            loggingBucket:
              retentionDays:
                Ref: LoggingBucketRetentionPeriod
            accessLoggingBucket:
              retentionDays:
                Ref: AccessLoggingBucketRetentionPeriod
            kmsKeyArn:
              Ref: KMSKey
          enabled: true
        securityRoles:
          accountId:
            Ref: SecurityAccountId
        accessManagement:
          enabled: true
```
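Before deploying, a practitioner usually wants to sanity-check the parameter values and see the manifest that CloudFormation will hand to Control Tower. The following Python script is an added example, not code from the AWS documentation: it embeds a constructed copy of the template's `Manifest` section as a dictionary, validates the parameter values (12-digit account IDs, region codes, a full KMS key ARN, a version string, positive retention periods, and distinct Log Archive and Audit accounts), renders the `--parameters` JSON for `aws cloudformation create-stack` (joining the governed regions with commas for the list parameter), and resolves the `Ref`s to show the final manifest. The account IDs, key ID and regions in `EXAMPLE_VALUES` are placeholders, and the check that the KMS key lives in a governed region is an added assumption rather than a documented requirement.

```python
import json
import re
from typing import Any, Dict, List

# Constructed copy of the Manifest section of the template above, expressed as a
# Python dict so that Ref resolution can run offline without parsing YAML.
MANIFEST_TEMPLATE: Dict[str, Any] = {
    "governedRegions": {"Ref": "GovernedRegions"},
    "organizationStructure": {
        "security": {"name": {"Ref": "SecurityOuName"}},
        "sandbox": {"name": {"Ref": "SandboxOuName"}},
    },
    "centralizedLogging": {
        "accountId": {"Ref": "CentralizedLoggingAccountId"},
        "configurations": {
            "loggingBucket": {"retentionDays": {"Ref": "LoggingBucketRetentionPeriod"}},
            "accessLoggingBucket": {"retentionDays": {"Ref": "AccessLoggingBucketRetentionPeriod"}},
            "kmsKeyArn": {"Ref": "KMSKey"},
        },
        "enabled": True,
    },
    "securityRoles": {"accountId": {"Ref": "SecurityAccountId"}},
    "accessManagement": {"enabled": True},
}

ACCOUNT_ID_RE = re.compile(r"^\d{12}$")
REGION_RE = re.compile(r"^[a-z]{2}-[a-z-]+-\d$")
# arn:partition:kms:region:account-id:key/key-id
KMS_ARN_RE = re.compile(r"^arn:aws[a-z-]*:kms:([a-z0-9-]+):(\d{12}):key/[0-9a-f-]{36}$")
VERSION_RE = re.compile(r"^\d+\.\d+$")


def validate_parameters(values: Dict[str, Any]) -> List[str]:
    """Return a list of problems with the parameter values; an empty list means OK."""
    problems: List[str] = []
    if not VERSION_RE.match(str(values.get("Version", ""))):
        problems.append("Version must be a landing zone version such as '3.3'")
    regions = values.get("GovernedRegions") or []
    if not regions:
        problems.append("GovernedRegions must list at least one region")
    for region in regions:
        if not REGION_RE.match(region):
            problems.append(f"GovernedRegions: {region!r} is not a region code")
    for key in ("CentralizedLoggingAccountId", "SecurityAccountId"):
        if not ACCOUNT_ID_RE.match(str(values.get(key, ""))):
            problems.append(f"{key} must be a 12-digit AWS account ID")
    if values.get("CentralizedLoggingAccountId") == values.get("SecurityAccountId"):
        problems.append("Log Archive and Audit must be two different accounts")
    for key in ("LoggingBucketRetentionPeriod", "AccessLoggingBucketRetentionPeriod"):
        days = values.get(key)
        if isinstance(days, bool) or not isinstance(days, int) or days <= 0:
            problems.append(f"{key} must be a positive integer number of days")
    match = KMS_ARN_RE.match(str(values.get("KMSKey", "")))
    if not match:
        problems.append("KMSKey must be a full KMS key ARN (arn:aws:kms:region:account:key/uuid)")
    elif match.group(1) not in regions:
        # Assumption for this example: the key should sit in a governed region.
        problems.append(f"KMSKey is in {match.group(1)}, which is not a governed region")
    return problems


def to_cfn_parameters(values: Dict[str, Any]) -> List[Dict[str, str]]:
    """Render values as the JSON accepted by `aws cloudformation create-stack --parameters`.

    List values are joined with commas because GovernedRegions is a CommaDelimitedList.
    """
    rendered = []
    for key, value in values.items():
        if isinstance(value, list):
            value = ",".join(value)
        rendered.append({"ParameterKey": key, "ParameterValue": str(value)})
    return rendered


def resolve_refs(node: Any, values: Dict[str, Any]) -> Any:
    """Replace every {"Ref": name} node with the corresponding parameter value."""
    if isinstance(node, dict):
        if set(node) == {"Ref"}:
            return values[node["Ref"]]
        return {k: resolve_refs(v, values) for k, v in node.items()}
    if isinstance(node, list):
        return [resolve_refs(v, values) for v in node]
    return node


def render_manifest(values: Dict[str, Any]) -> Dict[str, Any]:
    """Validate the values and return the manifest Control Tower would receive."""
    problems = validate_parameters(values)
    if problems:
        raise ValueError("; ".join(problems))
    return resolve_refs(MANIFEST_TEMPLATE, values)


# Constructed placeholder values; replace with your own accounts, regions and key.
EXAMPLE_VALUES: Dict[str, Any] = {
    "Version": "3.3",
    "GovernedRegions": ["us-east-1", "us-west-2"],
    "SecurityOuName": "Security",
    "SandboxOuName": "Sandbox",
    "CentralizedLoggingAccountId": "111111111111",
    "SecurityAccountId": "222222222222",
    "LoggingBucketRetentionPeriod": 365,
    "AccessLoggingBucketRetentionPeriod": 3650,
    "KMSKey": "arn:aws:kms:us-east-1:000000000000:key/12345678-1234-1234-1234-123456789012",
}

if __name__ == "__main__":
    print(json.dumps(to_cfn_parameters(EXAMPLE_VALUES), indent=2))
    print(json.dumps(render_manifest(EXAMPLE_VALUES), indent=2))
```

Write the first JSON document to a file and pass it as `--parameters file://params.json` together with `--template-body file://landing-zone.yaml`; the second document is what you should expect to see as the landing zone manifest once the stack has been created.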