Use AWS Control Tower in an unsupported region deployment.

Danushka Fernando
2 min read · May 19, 2020


AWS recently introduced Control Tower as an extended version of AWS Organizations. Control Tower has the following features, some of which AWS Organizations already supports. The major addition is OU-wise guardrail management. Many tasks are also automated, which eases the work of the people managing the AWS environment. One drawback compared to Organizations is that nested OUs are not supported for now.

  • Account management
  • OU management
  • OU-wise guardrail management
  • AWS SSO-based user management

Currently Control Tower is supported in only a few regions. But what Control Tower does is manage accounts, and AWS accounts are not regional. So should we worry about that and stop using Control Tower features? The answer is no.

Most of the items listed above are account or user management. So we can configure Control Tower in one region and do the deployment in another region. The question is how.

On certain events, for example when an account is created or a guardrail is configured, AWS Control Tower runs CloudFormation templates in the region where the Landing Zone was set up. We have to take those CloudFormation templates and run them manually in the deployment region. Some templates are global, so they don't need to be run again; the work is figuring out which CF templates do need to be executed.

Looks like a lot of work. Is there a way to simplify this?

Yes: we can capture what needs to run on the first account creation and keep running those templates afterwards. For your information, I am adding two identified CF templates that need to be executed in the deployment region. These might change from time to time, but they will give you an idea of what I am explaining here.
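To make the "figure out which templates" step concrete, here is an added example of my own (not code from this post or from the control_tower_artifacts repository). It assumes the Control Tower stacks have already been exported from the home region with `aws cloudformation get-template` and parsed with `json.loads`; it then sorts each template into global (IAM and other non-regional services, no re-run needed) or regional (must be re-run), lists the parameters the operator still has to supply, and emits the `aws cloudformation deploy` command for the deployment region. The stack names, template bodies, the region `ap-south-1`, the profile name `deploy-account` and the list of global resource prefixes are all constructed for the example, not real Control Tower artifacts.

```python
"""Sort Control Tower CloudFormation templates into global vs regional and plan
the re-run in a deployment region. Added example, not the post's own scripts."""
import json
from pathlib import Path

# Resource types owned by global (non-regional) services. A template made up
# only of these already covers every region from the home region and must not
# be run twice; anything else is region scoped and needs a copy in the
# deployment region. This list is an assumption for the example; extend it.
GLOBAL_RESOURCE_PREFIXES = (
    "AWS::IAM::",
    "AWS::Organizations::",
    "AWS::Route53::",
    "AWS::CloudFront::",
)


def classify_template(template):
    """Return 'global', 'regional' or 'empty' for a parsed CloudFormation template."""
    resources = template.get("Resources") or {}
    if not resources:
        return "empty"
    for resource in resources.values():
        if not str(resource.get("Type", "")).startswith(GLOBAL_RESOURCE_PREFIXES):
            return "regional"
    return "global"


def missing_parameters(template):
    """Parameters without a Default: the operator must pass these as overrides."""
    params = template.get("Parameters") or {}
    return sorted(name for name, spec in params.items() if "Default" not in spec)


def plan_redeploy(stacks, deployment_region, profile, out_dir=None):
    """Return one plan entry per stack that must be re-run in deployment_region.

    stacks: list of {"StackName": str, "TemplateBody": dict}, i.e. the output of
    `aws cloudformation get-template` per home-region stack, body already parsed.
    If out_dir is given, the template files named in the commands are written there.
    """
    plan = []
    for stack in stacks:
        template = stack["TemplateBody"]
        if classify_template(template) != "regional":
            continue  # global or empty: nothing to run in the deployment region
        name = stack["StackName"]
        template_file = f"{name}.json"
        if out_dir is not None:
            Path(out_dir).mkdir(parents=True, exist_ok=True)
            (Path(out_dir) / template_file).write_text(json.dumps(template, indent=2))
        command = (
            f"aws cloudformation deploy --region {deployment_region} "
            f"--profile {profile} --stack-name {name} "
            f"--template-file {template_file} --capabilities CAPABILITY_NAMED_IAM"
        )
        plan.append({
            "StackName": name,
            "MissingParameters": missing_parameters(template),
            "Command": command,
        })
    return plan


# Constructed sample stacks standing in for real get-template output; the real
# Control Tower stack names and bodies differ and change over time.
SAMPLE_STACKS = [
    {   # IAM only: global, covered from the home region, skip it
        "StackName": "sample-ct-baseline-roles",
        "TemplateBody": {"Resources": {
            "ExecutionRole": {"Type": "AWS::IAM::Role", "Properties": {"Path": "/"}},
        }},
    },
    {   # AWS Config recorder: regional, must be re-run; needs a bucket name
        "StackName": "sample-ct-baseline-config",
        "TemplateBody": {
            "Parameters": {
                "LogBucketName": {"Type": "String"},
                "RecorderName": {"Type": "String", "Default": "ct-recorder"},
            },
            "Resources": {
                "ConfigRole": {"Type": "AWS::IAM::Role", "Properties": {"Path": "/"}},
                "Recorder": {"Type": "AWS::Config::ConfigurationRecorder",
                             "Properties": {"Name": {"Ref": "RecorderName"}}},
                "Delivery": {"Type": "AWS::Config::DeliveryChannel",
                             "Properties": {"S3BucketName": {"Ref": "LogBucketName"}}},
            },
        },
    },
    {   # CloudTrail trail: regional, must be re-run; no parameters to supply
        "StackName": "sample-ct-baseline-cloudtrail",
        "TemplateBody": {"Resources": {
            "Trail": {"Type": "AWS::CloudTrail::Trail",
                      "Properties": {"IsLogging": True, "S3BucketName": "sample-bucket"}},
        }},
    },
]

if __name__ == "__main__":
    for entry in plan_redeploy(SAMPLE_STACKS, "ap-south-1", "deploy-account"):
        print(entry["StackName"], "missing parameters:", entry["MissingParameters"])
        print("   ", entry["Command"])
```

Run it once against the templates you exported from the home region and you get the shortlist of stacks to re-run plus the exact commands; any `MissingParameters` entry is a value the home-region Account Factory filled in for you (a log bucket, a KMS key) that you now have to pass with `--parameter-overrides`. The classification is deliberately conservative: a template with even one regional resource is treated as regional, because running a global-only stack twice only wastes time, whereas missing a regional one leaves a guardrail or baseline absent in the deployment region.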

Further, I am adding a reference to the scripts that can be used to switch between accounts with the CLI. There are shell scripts and also a PowerShell module. You may need to edit them to add your account information, and you may add new accounts to the files.

Cheers and Good luck!!!

References

https://github.com/danushkaf/control_tower_artifacts
