Example solutions demonstrating how to implement patterns within the AWS Security Reference Architecture guide using CloudFormation (including Customizations for AWS Control Tower) and Terraform.

AWS Control Tower Account Factory

The Customizations for AWS Control Tower solution combines AWS Control Tower and other highly-available, trusted AWS services to help customers more quickly set up a secure, multi-account AWS environment using AWS best practices.

This repository describes how to use AWS Control Tower controls, HashiCorp Terraform, and infrastructure as code (IaC) to implement and administer preventive, detective, and proactive security controls. A control (also known as a guardrail) is a high-level rule that provides ongoing governance for your overall AWS Control Tower environment.

Open Source AWS Control Tower

Automate the creation of multiple accounts in AWS Control Tower using a batch account creation process

No description available

No description available

automate the control, the purge and the management of AWS accounts assigned permanently to selected employees - foster innovation from cloud teams

No description available

This pattern describes how to use AWS Control Tower Controls, AWS Cloud Development Kit (CDK) and infrastructure as code to implement and administer preventive, detective and proactive security on AWS.

Automated AWS Organizations configuration for security operations

Automated AWS account hardening with AWS Control Tower and AWS Step Functions

AWS CloudFormation templates and Python code for AWS blog post on how to automate centralized backup at scale across AWS services using AWS Backup.

Sample CloudFormation templates and architecture for AWS Control Tower

ctower is a CLI application for managing GuardRail Controls across Organizational Units on AWS Control Tower.

The open source version of the AWS Control Tower docs. You can submit feedback & requests for changes by submitting issues in this repo or by making proposed changes & submitting a pull request.

Use AWS Control Tower from Terraform

No description available

No description available

No description available

AWS Control Tower and Lacework allow seamless multi-account cloud security. With Lacework and AWS Control Tower, enrolling a new AWS account now means security best practices and monitoring are automatically applied consistently across your organization. Account administrators can automatically add Lacework's security auditing and monitoring to new AWS accounts. All the required Lacework and AWS account configurations that allow access to AWS configuration and AWS CloudTrail logs are managed for you by Lacework’s AWS Control Tower integration.

Contains resources for adding Datadog monitoring to AWS accounts created with AWS Control Tower.

Cloud Formation resources for integrating Lacework with an AWS Organization (NOT using Control Tower)

No description available

This project is a framework for delivering governed DevSecOps CloudFormation Stacks across AWS Accounts in an AWS Organisations/AWS Control Tower account setup

Workshop to launch Amazon SageMaker Studio domain using AWS Service Catalog and AWS SSO in the AWS Control Tower environment, using AWS CloudFormation templates and lambda functions.

This repository contains the infrastructure as code to bootstrap your AWS Control Tower Account Factory for Terraform (AFT) following the best practices.

This cdk package installs a Lambda function, with an associated IAM role, and subscribes the Lambda function to Control Tower aggregate security notifications. In the event of a Control Tower rule violation (e.g. publicly accessible S3 bucket), the Lambda sends a notification to a web hook.

This repository provides a solution to automate provisioning of AWS Account in ServiceNow for Cloud Discovery and IT Operations management