Create a new landing zone with AWS CloudFormation - AWS Control Tower

This page is a machine translation of the English original; where the content is ambiguous or inconsistent, the English version prevails.

Create a new landing zone with AWS CloudFormation

Deploy the following AWS CloudFormation template from the AWS CloudFormation console or with the AWS CLI to create a landing zone. The stack must be created in the organization's management account; the log archive and audit accounts referenced by the parameters must already exist in the organization, since the landing zone resource does not create them.

Parameters:
  Version:
    Type: String
    Description: The version number of Landing Zone
  GovernedRegions:
    # CloudFormation has no bare "List" parameter type; CommaDelimitedList accepts
    # a value such as "us-east-1,us-west-2" and resolves to a list under Ref.
    Type: CommaDelimitedList
    Description: List of governed regions
  SecurityOuName:
    Type: String
    Description: The security Organizational Unit name
  SandboxOuName:
    Type: String
    Description: The sandbox Organizational Unit name
  CentralizedLoggingAccountId:
    Type: String
    Description: The AWS account ID for centralized logging
  SecurityAccountId:
    Type: String
    Description: The AWS account ID for security roles
  LoggingBucketRetentionPeriod:
    Type: Number
    Description: Retention period for centralized logging bucket
  AccessLoggingBucketRetentionPeriod:
    Type: Number
    Description: Retention period for access logging bucket
  KMSKey:
    # Must be a key ARN (arn:aws:kms:<region>:<account>:key/<key-id>), not an alias ARN.
    Type: String
    Description: KMS key ARN used by CloudTrail and Config service to encrypt data in logging bucket
Resources:
  MyLandingZone:
    Type: 'AWS::ControlTower::LandingZone'
    Properties:
      Version:
        Ref: Version
      # Placeholder tags; replace with your own or remove the Tags property.
      Tags:
        - Key: "keyname1"
          Value: "value1"
        - Key: "keyname2"
          Value: "value2"
      Manifest:
        governedRegions:
          Ref: GovernedRegions
        organizationStructure:
          security:
            name:
              Ref: SecurityOuName
          sandbox:
            name:
              Ref: SandboxOuName
        # Log archive account and the buckets Control Tower creates in it.
        centralizedLogging:
          accountId:
            Ref: CentralizedLoggingAccountId
          configurations:
            loggingBucket:
              retentionDays:
                Ref: LoggingBucketRetentionPeriod
            accessLoggingBucket:
              retentionDays:
                Ref: AccessLoggingBucketRetentionPeriod
            kmsKeyArn:
              Ref: KMSKey
          enabled: true
        # Audit account that hosts the security roles.
        securityRoles:
          accountId:
            Ref: SecurityAccountId
        # Enables IAM Identity Center setup by Control Tower.
        accessManagement:
          enabled: true