
Frequently Asked Questions

What is AFT Blueprints and how can I leverage it for my organization?

AFT Blueprints provides a collection of pre-defined architectural patterns for AWS Control Tower landing zones using Account Factory for Terraform (AFT). You can either copy pattern content into your own AFT repositories as a starting point, or use them as reference guides to build custom patterns tailored to your organization's needs.

What prerequisites must be in place before implementing AFT Blueprints?

You need an AWS account with AWS Organizations with all features enabled, AWS Control Tower, and AWS IAM Identity Center set up. Additionally, you need a dedicated AWS account within the same organization to deploy and manage AFT, plus AWS CLI and Terraform installed locally.

What are the options for bootstrapping AFT?

You have three options:

  1. Use the aft-bootstrap-pipeline. See the implementation guide.
  2. Follow the steps in the AWS Control Tower Guide workshop.
  3. Follow the Deploy AWS Control Tower Account Factory for Terraform (AFT) guide in the AWS Control Tower documentation.

Which architectural patterns are available in AFT Blueprints?

AFT Blueprints offers three main patterns:

  1. Single Region Basic - A foundational cloud architecture in a single AWS Region
  2. Multi Region Basic - Extends the basic pattern across multiple AWS Regions
  3. Multi Region Advanced - Adds advanced networking features like centralized inspection

Each pattern provides different components and architectures with varying complexity and cost implications.

Which core accounts are needed for implementing AFT Blueprints?

The required accounts are:

  1. Control Tower shared accounts - Log Archive and Security Tooling
  2. Network account - For centralized network management and AWS VPC IP Address Manager (IPAM)
  3. Backup account - For centralized AWS Backup management
  4. Identity account - For AWS IAM Identity Center and IAM Access Analyzer

These accounts serve as centralized hubs for their respective functions within the organization.

Can I modify the blueprints to meet my organization's specific requirements?

Yes, the patterns are provided as examples and are meant to be modified after cloning the repository. As stated in the README: "You are free to customize the provided patterns to meet their specific needs" and "The code in this repository is provided as an example only, and is not intended for production use."

Can I run the AFT customization Terraform code locally?

Yes, you can use the aft-local.sh script available in this repository.