IGlobalConfig / IControlTowerConfig

Description

AWS Control Tower Landing Zone configuration

Example

controlTower:
  enable: true
  landingZone:
    version: '3.3'
    logging:
      loggingBucketRetentionDays: 365
      accessLoggingBucketRetentionDays: 3650
      organizationTrail: true
    security:
      enableIdentityCenterAccess: true

Hierarchy

  • IControlTowerConfig

Properties

A list of Control Tower controls to enable.

Only Strongly recommended and Elective controls are permitted, with the exception of the Region deny guardrail. Please see this page for more information: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-controltower-enabledcontrol.html

See

IControlTowerControlConfig

enable: boolean

Indicates whether AWS Control Tower Landing Zone is enabled.

When Control Tower is enabled, the accelerator makes sure the account configuration file has the three mandatory AWS CT accounts. In AWS Control Tower, three shared accounts in your landing zone are provisioned automatically during setup: the management account, the log archive account, and the audit account.

AWS Control Tower Landing Zone configuration

See

IControlTowerLandingZoneConfig for more information.
