Customising AWS Control Tower with Account Factory Customisations

At AWS re:Invent this year Account Factory Customisations was released. This post will walk you through how to configure and use the new functionality as in my opinion the documentation isn’t particularly clear as to how things work and there were also issues with the implementation steps when I first implemented it. Use Case For my specific situation that I’m utilising this for I want to deploy a VPC that leverages the Amazon VPC IP Address Manager (IPAM) for obtaining an IP CIDR Range since I don’t want to have to manually enter one each time and run the risk of overlapping address space. Continue reading

Announcements from AWS re:Invent 2022

AWS re:Invent is a learning conference hosted by AWS for the global cloud computing community in Las Vegas every year. The in-person event is in my opinion AWS’s showpiece event that features keynote announcements from the likes of Adam Selipsky, Werner Vogels, Peter de Sanctis & Swami Sivasubramanian. In addition, there are opportunities for training and certification as well as access to many technical sessions, plenty of networking opportunities and the infamous re:Play Party. Continue reading

Experts Exclusive Interview on the AWS Certified Global Community

Back in early September, I received a private message from one of the Admins of the AWS Certified Global Community as there team had noticed myself being a champion within the community’s discussions and they wanted to highlight my contributions. They have an ongoing series called Expert’s Exclusive, where they publish an exclusive interview with one of there own experts and they wanted to feature me in the series. It was quite a nice surprise and was the second time in my career where I’d been interviewed for a publication with the previous interview having been many years ago by Linux Academy who interviewed me regarding my AWS certification journey. Continue reading

Creating a Multi-Account CI/CD Pipeline with AWS CodePipeline

Whenever I’ve tried to learn a particular service or functionality within AWS, I find the best way is to do the ClickOps approach (i.e. Good Old Point and Click in the Console). Once I’ve figured out how to get it working via that method, I then go through the process of trying to automate it through Infrastructure as Code and in my case thats using AWS CloudFormation. One particular example of this was getting a bit more familiar with AWS CodePipeline so that I could try to automate the delivery of CloudFormation Templates across multiple AWS Accounts in a similar manner as to how you would deploy solutions in a Software Delivery Lifecycle (SDLC). Continue reading

Customising AWS Control Tower with CfCT

If you missed the previous posts on Deploying a Landing Zone with AWS Control Tower or you’ve not had much experience with the service, I’d recommend going back through and reading those firstly before continuing. Part 1 - Deploying AWS Control Tower Part 2 - AWS Control Tower Post Configuration Tasks focusing on Organisational Structure and Guardrails Part 3 - AWS Control Tower Post Configuration Tasks focusing on IAM Identity Center and Provisioning New AWS Accounts In this post, I’m going to walkthrough how you can start customising Control Tower using the Security Reference Architecture (SRA). Continue reading

Deploying a Landing Zone with AWS Control Tower - Part 3

Previously in Part 2 of this Walkthrough, I showed you how to create the organisational structure and enable guardrails within Control Tower. In this post, I’m going to walkthrough some of the remaining post configuration task including configuring IAM Identity Center and provisioning a new AWS Account through Account Factory. Configuring IAM Identity Center for Single Sign-On AWS IAM Identity Center (formerly known as AWS SSO) is a service that enables you to have a single point of entry for managing resources within all of your AWS Accounts in an organisation. Continue reading