AWS Landing Zone Accelerator - Part 2: Organizational Units and Account Configuration
In Part 1 of our AWS Landing Zone Accelerator (LZA) series, we introduced the LZA and its benefits. Now, we’ll explore configuring organizational units (OUs) and other essential organizational settings, along with the process of creating AWS accounts within your LZA environment.
Prerequisites
Before we get started, let’s make sure you have the following:
- Access to the AWS Management account: You’ll need the right permissions to make changes to the LZA setup.
- Permissions to update the LZA configuration: This means being able to edit the files that control how the LZA works (e.g., in the aws-accelerator-config repository).
- A brand new email address: This will be used for the new AWS account you’re setting up.
- Git access: You’ll need to be able to clone the LZA configuration files from the aws-accelerator-config repository and push your changes back to it.
- AWS CLI ready to go: Make sure you have the AWS Command Line Interface installed and set up on your computer.
- The right permissions in Microsoft Entra ID: You’ll need to be able to create and manage groups in Microsoft Entra ID, and connect them to AWS IAM Identity Center (this is what you use to control who can access your AWS accounts).
Important Note: I’m assuming you’ve already set up the LZA in your AWS environment by following the official guide: https://docs.aws.amazon.com/solutions/latest/landing-zone-accelerator-on-aws/step-1.-launch-the-stack.html. This means you’ve got the basic LZA structure in place.