HashiCorp Teams with AWS on New Control Tower Account Factory for Terraform
AWS Control Tower Account Factory for HashiCorp Terraform (AFT), the evolution of Terraform Landing Zones, offers an easy way to set up and govern a secure, multi-account AWS environment.
HashiCorp Terraform lets practitioners provision Amazon Web Services (AWS) infrastructure in minutes. But many enterprises also want to maintain multiple AWS accounts in order to create a strong isolation barrier between workloads, each with its own security, access controls, and auditability. The AWS Control Tower team and HashiCorp have been working on a new way to accommodate these needs, and today we are pleased to support AWS as it announces the launch of AWS Control Tower Account Factory for HashiCorp Terraform (AFT).
What is AWS Control Tower AFT?
AWS Control Tower provides an easy way to set up and govern secure, multi-account AWS environments, often referred to as landing zones. AWS Control Tower AFT is a Terraform pipeline to provision and customize your AWS Control Tower-governed accounts. AFT adds a Terraform provisioning and management option to AWS Control Tower’s multi-account provisioning, meaning that infrastructure engineers can work faster by using a tool they already know.
This solution is the evolution of AWS Terraform Landing Zones (TLZs) and couples the governance of an AWS-managed service with a Terraform-based account provisioning pipeline.
What Does AWS Control Tower AFT Do?
AWS Control Tower AFT allows for centralized AWS account vending with security, compliance controls, and consistent operating procedures baked in from the point of account creation. Account Factory for Terraform includes best practices such as centralized audit and logging, programmatic security configuration, and account isolation with controls for shared services.
AWS and HashiCorp customers can customize AWS Control Tower AFT to meet their organization’s standard procedures and guidelines. AFT customization can include additional guardrails, network configurations, roles and permissions, and more. You can configure the pipeline to use your own custom Terraform modules, or choose from pre-published Terraform modules for common products and configurations. Using public or private Terraform modules, customers can target the customization to specific accounts or globally across their organizations.
AFT includes feature options owned and supported by AWS and built to AWS’ prescriptive guidance, such as AWS CloudTrail data events for Amazon S3, automated enterprise support enrollment, and deletion of default VPCs in all regions.
AWS Control Tower AFT works with Terraform open source, Terraform Cloud, and Terraform Enterprise. Organizations can use vended accounts from AWS Control Tower combined with governance, policy as code, and self-service infrastructure capabilities within Terraform Cloud or Terraform Enterprise.
The compliance and management functionality found in Terraform Cloud and Terraform Enterprise is complementary to AWS Control Tower’s governance applied via service control policies and AWS Config. HashiCorp Terraform Cloud and Enterprise empower self-service infrastructure by managing state, variables, workspaces, and approved Terraform modules. HashiCorp Sentinel’s embeddable policy-as-code framework provides the additional capability to create and enforce policy during each Terraform workflow.
Control Tower Account Factory for Terraform makes it easier for customers to efficiently provision vetted, secured, and standardized infrastructure and to meet governance and compliance requirements consistently across all AWS accounts.
Getting Started with AWS Control Tower AFT
You can get started with AWS Control Tower AFT today by following the HashiCorp Learn tutorial: Provision AWS Accounts Using Account Factory for Terraform. In addition, the AWS Control Tower User Guide now includes AFT. For more information, read the AWS blog.
If your enterprise is new to Terraform and would like to take advantage of AWS Control Tower AFT as well as the variety of enterprise features in HashiCorp Terraform Cloud and Terraform Enterprise, please contact our sales team.
We would love to hear your feedback about AWS Control Tower Account Factory for HashiCorp Terraform; please share your comments on the HashiCorp Discuss Forum. For issues and feature requests, please visit the AFT GitHub repository.