- This collector collects aws accounts included within AWS Control Tower.
- Specifically, this collector provides details needed for SpaceONE to automatically create General Service Accounts for customers.
- Try looking into these documentations for better understanding of how Control Tower works and how it is structured.
- The Control Tower serves as a central location for managing multiple AWS accounts. It provides a set of pre-configured blueprints that help you quickly set up a multi-account environment based on AWS best practices.
- The Control Tower uses AWS Organizations to create and manage accounts. This is the main reason why it is important to understand how AWS Organizations work(explained below).
- Overall, there are some main components in Control Tower that are important to understand:
- Landing Zone: The landing zone is the environment that you set up using Control Tower. It is the environment that you use to manage multiple AWS accounts.
- Organizational Units (OUs): OUs are used to group accounts together. They are used to apply policies to a group of accounts.
- Security: Security is a key OU of Control Tower. It is used to ensure that accounts in the organization
are secure. There are 2 main components in the Security OU:
- Audit: The audit account is used to store logs and audit information for the organization.
- Log Archive: The log archive account is used to store logs and audit information for the organization.
- Service Control Policies (SCPs): SCPs are used to control permissions in the organization. They are used to restrict permissions for accounts in the organization.
- Guardrails: Guardrails are used to enforce policies in the organization. They are used to ensure that accounts in the organization are compliant with the policies.
- AWS Organzations is a service that allows you to create and manage multiple AWS accounts. It is used to group accounts together and apply policies to them.
- Overall, there are some main components in Organizations that are important to understand:
- Master Account(=Management Account in Control Tower): The primary AWS account that is used to create and manage an AWS Organization. The account is responsible for creating member accounts, defining organizational units (OUs), applying service control policies (SCPs), and managing billing and payment methods for all accounts within the organization.
- Organizational Units (OUs): An organizational unit is a logical grouping of AWS accounts within an AWS Organization. OUs help in organizing and managing accounts based on common business needs.
- Service Control Policies (SCPs): SCPs are policy documents that allow you to control which AWS services and features can be accessed by the accounts within an AWS Organization, or within specific OUs or individual accounts.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent