- user+management@example.com - for your management account
- user+logs@example.com - for your log archive account
- user+audit@example.com - for your audit account
- user+sandbox@example.com - for your sandbox account, created via the Account factory
AWS CLI v2 with IAM Identity Center
From your terminal, run the following command to sign in to IAM Identity Center.
aws configure sso
Profile name [AWSAdministratorAccess-0112xxxxxxxx]: ManagementAccount
aws sts get-caller-identity --query 'Account' --output text --profile ManagementAccount
Control catalog
SCP (Service Control Policy), RCP (Resource Control Policy)
SCP: affects all IAM principals (users, roles)
RCP: resource level (supported resources: S3 buckets, Lambda functions)
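The difference in scope between the two policy types, as an added example that is not from the original post: a simplified Python model (not the real IAM evaluation engine) in which an SCP follows the calling principal's account and an RCP follows the resource owner's account. The account IDs, the organization ID, the two sample statements and the function names are constructed for illustration; the model assumes the management account is exempt from both policy types and ignores AWS service principals.

```python
from dataclasses import dataclass

ORG_ID = "o-exampleorgid"                     # constructed placeholder
MANAGEMENT = "000000000000"                   # constructed account IDs
MEMBERS = {"111111111111", "222222222222"}

# SCP statement: no Principal element. It caps what the IAM users and
# roles of the member accounts it is attached to may do.
SCP = {"Effect": "Deny", "Action": ["s3:DeleteBucket"], "Resource": "*"}

# RCP statement: Principal is "*". It caps access to resources owned by
# member accounts, whichever account the caller comes from.
RCP = {"Effect": "Deny", "Principal": "*", "Action": ["s3:GetObject"],
       "Resource": "*",
       "Condition": {"StringNotEqualsIfExists": {"aws:PrincipalOrgID": ORG_ID}}}


@dataclass
class Request:
    principal_account: str   # account that owns the calling user or role
    resource_account: str    # account that owns the S3 bucket
    action: str


def org_id_of(account):
    """Organization ID carried by a principal of this account, if any."""
    return ORG_ID if account == MANAGEMENT or account in MEMBERS else None


def denied_by(req):
    """Return which organization policies deny the request."""
    hits = []
    # SCP follows the caller; principals in the management account are exempt.
    if req.principal_account in MEMBERS and req.action in SCP["Action"]:
        hits.append("SCP")
    # RCP follows the resource; management-account resources are exempt.
    wanted = RCP["Condition"]["StringNotEqualsIfExists"]["aws:PrincipalOrgID"]
    if (req.resource_account in MEMBERS and req.action in RCP["Action"]
            and org_id_of(req.principal_account) != wanted):
        hits.append("RCP")
    return hits
```

An SCP cannot stop a principal from outside the organization, and an RCP cannot stop a member principal acting on a bucket outside the organization, which is why the two are deployed together.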
When configuring the Default VPC settings in Account Factory


Checking the CloudFormation stacks managed by Control Tower
- Account Baseline and Security Baseline are configured by default, and are managed as CloudFormation StackSets from the CT management account
References:
AWS Control Tower Guide, https://catalog.workshops.aws/control-tower/en-US/prerequisites/email-addresses
