Automate the process of setting up and configuring multiple accounts
If you’re planning a large-scale AWS deployment, you’re probably wondering how to orchestrate multiple applications and teams on AWS. How do you make sure that every team can access AWS without your accounts turning into sprawling, ungoverned chaos?
For many companies, a multi-account structure can help meet the unique needs of each application team or business group. AWS offers free native tools like AWS Organizations for central orchestration of multiple accounts, so that you can enforce security and billing configurations while still giving each team some degree of autonomy over its account.
Still, maintaining multiple AWS accounts can require a lot of annoying administrative setup and is prone to configuration drift. A few years ago, AWS launched a series of new services to make that easier. AWS Control Tower is essentially an opinionated service that builds out a multi-account architecture with pre-configured security and access settings.
At Logicworks, we’ve built many Control Tower deployments for companies in a wide variety of industries. The following best practices were gleaned through trial and error with Control Tower services, and we hope they help you answer common questions:
- Configure Account Factory’s VPC creation
- Use AWS Transit Gateway
- Enable Self-Service with AWS Service Catalog
- Use AWS Single Sign-On
- Reflect Internal Organization Structure & Patterns in Control Tower
A multi-account architecture is an ideal solution if you’re migrating a large, complex set of applications to AWS. AWS Control Tower is meant to help reduce the complexity of building and managing a multi-account structure long-term.
Need help architecting a custom solution or managing your AWS Control Tower? Our team of AWS experts has designed hundreds of custom AWS environments and can help you get the most out of AWS. Contact Logicworks to learn more.