Using Terraform with AWS Control Tower via AFT
Get a practical introductory guide to the AWS Control Tower Account Factory for Terraform (AFT) and how it can bring GitOps automation to a multi-account AWS architecture.
» Background on AWS Control Tower
Initially the multi-account vending system for AWS was called Landing Zones. Landing Zones was eventually rebranded and restructured as AWS Control Tower. It is an opinionated way of provisioning your AWS accounts, bundled with management tooling such as dashboards.
There are no public API endpoints for AWS Control Tower, so the only ways to automate provisioning are:
Manual provisioning - ClickOps
Customizations for AWS Control Tower (CfCT) - which uses CloudFormation
Target underlying AWS services that do have a Terraform provider or use a provider like idealo/controltower that does that for you
AWS Control Tower Account Factory for Terraform (AFT)
» Using AFT
This code-and-architecture walkthrough from The Scale Factory's Marko Bevc is a good consultancy-perspective introduction to AFT and to the advantages it has:
Using HCLv2
GitOps driven workflow
Fully integrated with both the AWS and Terraform ecosystems, and supported in both
Security built-in and aligned with Well-Architected Framework practices
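To make the GitOps-driven workflow concrete, here is an added example of an AFT account request, not code from the Scale Factory walkthrough or from AWS. In AFT, new accounts are requested by committing a Terraform file like this one to the account-request repository; the AFT pipeline picks up the commit, vends the account through Control Tower, and then applies the named customizations. The module call shape follows the aft-account-request module that AWS publishes with AFT; every value (emails, names, OU, tags, the customizations name) is a constructed placeholder, and the key names under account_tags and custom_fields are assumptions for illustration.

```hcl
# Added example: one account request in the AFT account-request repository.
# Module source path is the one the AFT account-request repo template uses.
module "sandbox_team_a" {
  source = "./modules/aft-account-request"

  # Parameters passed straight to Control Tower Account Factory.
  # ManagedOrganizationalUnit must already be registered with Control Tower,
  # so the account lands under that OU's guardrails (SCPs) from day one.
  control_tower_parameters = {
    AccountEmail              = "aws-sandbox-team-a@example.com" # placeholder
    AccountName               = "sandbox-team-a"                 # placeholder
    ManagedOrganizationalUnit = "Sandbox"                        # placeholder OU
    SSOUserEmail              = "team-a-owner@example.com"       # placeholder
    SSOUserFirstName          = "Team"
    SSOUserLastName           = "A"
  }

  # Tags applied to the account; useful for cost allocation and for
  # scoping detection and response tooling by ownership.
  account_tags = {
    "Owner"       = "team-a"     # assumed tag key
    "Environment" = "sandbox"    # assumed tag key
  }

  # Recorded with the request so the audit trail shows who asked and why.
  change_management_parameters = {
    change_requested_by = "platform-team"                    # placeholder
    change_reason       = "New sandbox account for Team A"   # placeholder
  }

  # Free-form fields that account customizations can read at apply time.
  custom_fields = {
    group = "team-a"  # assumed field
  }

  # Selects which account-customizations folder AFT applies after vending,
  # e.g. baseline IAM roles, logging, and security tooling for this account type.
  account_customizations_name = "sandbox"  # placeholder name
}
```

Because the request lives in version control, the pull request that adds or changes this file is the review and approval gate for account creation, and the git history is the record of who requested which account and when.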