AWS Control Tower Account Factory for Terraform

AWS Control Tower Account Factory for Terraform (AFT) follows a GitOps model to automate the processes of account provisioning and account updating in AWS Control Tower. You'll create an account request Terraform file, which provides the necessary input that triggers the AFT workflow for account provisioning.

For more information on AFT, see Overview of AWS Control Tower Account Factory for Terraform.

Getting started

This guide is intended for administrators of AWS Control Tower environments who wish to set up Account Factory for Terraform (AFT) in their environment. It describes how to set up an Account Factory for Terraform (AFT) environment with a new, dedicated AFT management account. This guide follows the deployment steps outlined in Deploy AWS Control Tower Account Factory for Terraform (AFT).

Configure and launch your AWS Control Tower Account Factory for Terraform

Five steps are required to configure and launch your AFT environment.

Step 1: Launch your AWS Control Tower landing zone

Before launching AFT, you must have a working AWS Control Tower landing zone in your AWS account. You will configure and launch AFT from the AWS Control Tower management account.

Step 2: Create a new organizational unit for AFT (recommended)

We recommend that you create a separate OU in your AWS Organization, where you will deploy the AFT management account. Create an OU through your AWS Control Tower management account. For instructions on how to create an OU, refer to Create an organization in the AWS Organizations User Guide.

Step 3: Provision the AFT management account

AFT requires a separate AWS account to manage and orchestrate its own requests. From the AWS Control Tower management account that's associated with your AWS Control Tower landing zone, you'll provision this account for AFT.

To provision the AFT management account, see Provisioning Account Factory Accounts With AWS Service Catalog. When specifying an OU, be sure to select the OU you created in Step 2. When specifying a name, use "AFT-Management".

Note: It can take up to 30 minutes for the account to be fully provisioned. Validate that you have access to the AFT management account.

Step 4: Ensure that the Terraform environment is available for deployment

This step assumes that you are experienced with Terraform, and that you have procedures in place for executing Terraform. AFT supports Terraform Version 0.15.x or later.

Step 5: Call the Account Factory for Terraform module to deploy AFT

The Account Factory for Terraform module must be called while you are authenticated with AdministratorAccess credentials in your AWS Control Tower management account.

AWS Control Tower, through the AWS Control Tower management account, vends a Terraform module that establishes all infrastructure necessary to orchestrate your AWS Control Tower account factory requests. You can view that module in the AFT repository. Refer to the module's README file for information about the input required to run the module and deploy AFT.

If you have established pipelines for managing Terraform in your environment, you can integrate this module into your existing workflow. Otherwise, run the module from any environment that is authenticated with the required credentials.

Note: The AFT Terraform module does not manage a backend Terraform state. Be sure to preserve the Terraform state file that's generated after applying the module, or set up a Terraform backend using Amazon S3 and DynamoDB.

Certain input variables may contain sensitive values, such as a private SSH key or Terraform token. These values may be viewable as plain text in the Terraform state file, depending on your deployment method. It is your responsibility to protect the Terraform state file, which may contain sensitive data.

Note: Deploying AFT through the Terraform module requires several minutes. Initial deployment may require up to 30 minutes.