GlobalConfig / ControlTowerConfig

AWS Control Tower Landing Zone configuration.

Please use the following configuration to configure AWS Control Tower Landing Zone.

Example

controlTower:
  enable: true
  landingZone:
    version: '3.3'
    logging:
      loggingBucketRetentionDays: 365
      accessLoggingBucketRetentionDays: 3650
      organizationTrail: true
    security:
      enableIdentityCenterAccess: true

Hierarchy

  • ControlTowerConfig

Properties

controls: ControlTowerControlConfig[] = []

A list of Control Tower controls to enable.

Only Strongly recommended and Elective controls are permitted, with the exception of the Region deny guardrail. Please see this page for more information.

See

ControlTowerControlConfig for more information.

enable: boolean = true

Indicates whether AWS Control Tower is enabled.

When Control Tower is enabled, the accelerator makes sure the account configuration file has the three mandatory AWS Control Tower accounts. In AWS Control Tower, three shared accounts in your landing zone are provisioned automatically during setup: the management account, the log archive account, and the audit account.
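The check described above, sketched as an added example (not the accelerator's own code): a pre-deployment lint that reports missing, duplicated, or email-sharing mandatory accounts when Control Tower is enabled. The account names `Management`, `LogArchive` and `Audit`, the `mandatoryAccounts` key, and all type and function names are assumptions for illustration.

```typescript
// Added example: hypothetical lint, not the accelerator's validator.
interface Account { name: string; email: string }
interface AccountsFile { mandatoryAccounts: Account[] }
interface ControlTowerSettings { enable: boolean }

// Assumption: the three shared accounts are listed under these names.
const MANDATORY_NAMES = ["Management", "LogArchive", "Audit"];

function lintMandatoryAccounts(ct: ControlTowerSettings, file: AccountsFile): string[] {
  const findings: string[] = [];
  if (!ct.enable) return findings; // the rule applies only when Control Tower is on

  const listed = file.mandatoryAccounts;
  for (const name of MANDATORY_NAMES) {
    const count = listed.filter((a) => a.name === name).length;
    if (count === 0) findings.push("missing mandatory account: " + name);
    if (count > 1) findings.push("mandatory account listed " + count + " times: " + name);
  }

  // Each AWS account needs its own root email address, so a shared address
  // means two entries cannot both be provisioned. Compare case-insensitively.
  const norm = (e: string) => e.trim().toLowerCase();
  for (let i = 0; i < listed.length; i++) {
    for (let j = i + 1; j < listed.length; j++) {
      if (norm(listed[i].email) === norm(listed[j].email)) {
        findings.push("email " + norm(listed[i].email) + " is shared by " +
          listed[i].name + " and " + listed[j].name);
      }
    }
  }
  return findings;
}

// Constructed sample input: the audit account is misnamed and reuses an address.
const sampleBroken: AccountsFile = {
  mandatoryAccounts: [
    { name: "Management", email: "mgmt@example.com" },
    { name: "LogArchive", email: "logs@example.com" },
    { name: "Security", email: "LOGS@example.com" },
  ],
};
// Constructed sample input: all three accounts present with distinct addresses.
const sampleGood: AccountsFile = {
  mandatoryAccounts: [
    { name: "Management", email: "mgmt@example.com" },
    { name: "LogArchive", email: "logs@example.com" },
    { name: "Audit", email: "audit@example.com" },
  ],
};
```

Run it over the parsed configuration files in CI so a missing audit or log archive account is caught before deployment rather than during it.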

landingZone: undefined | ControlTowerLandingZoneConfig = undefined

AWS Control Tower Landing Zone configuration

See

ControlTowerLandingZoneConfig for more information.
