plugin-aws-identity-account-collector

  • This collector collects the AWS accounts enrolled in AWS Control Tower.
  • Specifically, it provides the account details SpaceONE needs to create General Service Accounts for customers automatically.
  • Refer to the documentation below for a better understanding of how Control Tower works and how it is structured.

Control Tower Overview

[Image: Screenshot 2024-03-12 9:42:25 PM]
  • Control Tower serves as a central location for managing multiple AWS accounts. It provides a set of pre-configured blueprints that help you quickly set up a multi-account environment based on AWS best practices.
  • Control Tower uses AWS Organizations to create and manage accounts. This is the main reason it is important to understand how AWS Organizations works (explained below).
  • Overall, these are the main components of Control Tower that are important to understand:
    • Landing Zone: The landing zone is the environment you set up using Control Tower. It is the environment you use to manage multiple AWS accounts.
    • Organizational Units (OUs): OUs are used to group accounts together, so that policies can be applied to a group of accounts at once.
    • Security: Security is a key OU of Control Tower. It is used to ensure that the accounts in the organization are secure. There are two main accounts in the Security OU:
      • Audit: The audit account is used for audit and compliance review across the organization's accounts.
      • Log Archive: The log archive account is used to store logs and audit information for the organization.
    • Service Control Policies (SCPs): SCPs are used to control permissions in the organization. They restrict the permissions available to accounts in the organization.
    • Guardrails: Guardrails are used to enforce policies in the organization. They ensure that accounts in the organization stay compliant with those policies.

Organization Overview

[Image: Screenshot 2024-03-12 9:44:52 PM]
  • AWS Organizations is a service that allows you to create and manage multiple AWS accounts. It is used to group accounts together and apply policies to them.
  • Overall, these are the main components of Organizations that are important to understand:
    • Master Account (= Management Account in Control Tower): The primary AWS account used to create and manage an AWS Organization. This account is responsible for creating member accounts, defining organizational units (OUs), applying service control policies (SCPs), and managing billing and payment methods for all accounts within the organization.
    • Organizational Units (OUs): An organizational unit is a logical grouping of AWS accounts within an AWS Organization. OUs help in organizing and managing accounts based on common business needs.
    • Service Control Policies (SCPs): SCPs are policy documents that control which AWS services and features can be accessed by the accounts within an AWS Organization, or within specific OUs or individual accounts.
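The two overviews above describe the structure the collector has to walk: a root, OUs nested under it, member accounts attached to the root or to an OU, and SCPs attached at each of those levels. The example below is an added illustration and not the plugin's own code: it walks an organization tree in the order Control Tower arranges it (root, then the Security and workload OUs, then the accounts in each) and reports every account together with its OU path and the SCPs it inherits along that path, which is the information a reviewer needs to check that, say, the Audit and Log Archive accounts really sit under the Security OU with the expected policies. The walker only assumes a client exposing the boto3 Organizations calls list_roots, list_organizational_units_for_parent, list_accounts_for_parent and list_policies_for_target; the FakeOrganizationsClient and all account IDs, names and policy names in it are constructed sample data so the code runs offline, and a real boto3 client can be passed in its place.

```python
"""Walk an AWS Organization root -> OUs -> accounts and collect each
account's OU path and effective SCP set (added example, not the plugin's code).
Assumes a client with the boto3 Organizations methods named below; the fake
client at the bottom holds constructed sample data so the walk runs offline."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class AccountRecord:
    """Flattened view of one account, as a collector would emit it."""
    account_id: str
    name: str
    email: str
    status: str
    ou_path: str      # e.g. "Root/Security"
    scps: List[str]   # SCPs attached to the root, the OUs on the path, and the account


def _paged(call, key: str, **kwargs):
    """Follow NextToken pagination for an Organizations list call."""
    token: Optional[str] = None
    while True:
        resp = call(**kwargs, NextToken=token) if token else call(**kwargs)
        yield from resp.get(key, [])
        token = resp.get("NextToken")
        if not token:
            return


def _scp_names(client, target_id: str) -> List[str]:
    """Names of the SCPs directly attached to a root, OU or account."""
    return sorted(p["Name"] for p in _paged(
        client.list_policies_for_target, "Policies",
        TargetId=target_id, Filter="SERVICE_CONTROL_POLICY"))


def collect_accounts(client) -> List[AccountRecord]:
    """Depth-first walk from each root; SCPs accumulate down the OU path."""
    records: List[AccountRecord] = []

    def walk(parent_id: str, path: str, inherited: List[str]) -> None:
        inherited = sorted(set(inherited) | set(_scp_names(client, parent_id)))
        for acct in _paged(client.list_accounts_for_parent, "Accounts", ParentId=parent_id):
            records.append(AccountRecord(
                account_id=acct["Id"], name=acct["Name"], email=acct["Email"],
                status=acct["Status"], ou_path=path,
                scps=sorted(set(inherited) | set(_scp_names(client, acct["Id"])))))
        for ou in _paged(client.list_organizational_units_for_parent,
                         "OrganizationalUnits", ParentId=parent_id):
            walk(ou["Id"], f"{path}/{ou['Name']}", inherited)

    for root in client.list_roots()["Roots"]:
        walk(root["Id"], root["Name"], [])
    return records


def active_member_ids(records: List[AccountRecord]) -> List[str]:
    """Accounts that are ACTIVE and not attached directly to the root (the
    management account lives there); suspended accounts are skipped."""
    return [r.account_id for r in records
            if r.status == "ACTIVE" and "/" in r.ou_path]


class FakeOrganizationsClient:
    """Constructed stand-in for boto3's Organizations client (sample data only).
    Pages one item at a time so the NextToken handling above is exercised."""

    def __init__(self) -> None:
        self.roots = [{"Id": "r-abcd", "Name": "Root"}]
        self.ous: Dict[str, list] = {
            "r-abcd": [{"Id": "ou-abcd-sec", "Name": "Security"},
                       {"Id": "ou-abcd-wl", "Name": "Workloads"}]}
        self.accounts: Dict[str, list] = {
            "r-abcd": [{"Id": "111111111111", "Name": "management",
                        "Email": "mgmt@example.com", "Status": "ACTIVE"}],
            "ou-abcd-sec": [{"Id": "222222222222", "Name": "Audit",
                             "Email": "audit@example.com", "Status": "ACTIVE"},
                            {"Id": "333333333333", "Name": "Log Archive",
                             "Email": "logs@example.com", "Status": "ACTIVE"}],
            "ou-abcd-wl": [{"Id": "444444444444", "Name": "dev",
                            "Email": "dev@example.com", "Status": "ACTIVE"},
                           {"Id": "555555555555", "Name": "old-prod",
                            "Email": "old@example.com", "Status": "SUSPENDED"}]}
        self.scps: Dict[str, list] = {
            "r-abcd": [{"Name": "FullAWSAccess"}],
            "ou-abcd-sec": [{"Name": "security-baseline"}],
            "555555555555": [{"Name": "DenyAll"}]}

    @staticmethod
    def _page(items: list, NextToken: Optional[str]) -> dict:
        start = int(NextToken) if NextToken else 0
        resp = {"items": items[start:start + 1]}
        if start + 1 < len(items):
            resp["NextToken"] = str(start + 1)
        return resp

    def list_roots(self):
        return {"Roots": self.roots}

    def list_organizational_units_for_parent(self, ParentId, NextToken=None):
        page = self._page(self.ous.get(ParentId, []), NextToken)
        return {"OrganizationalUnits": page["items"], **{k: v for k, v in page.items() if k != "items"}}

    def list_accounts_for_parent(self, ParentId, NextToken=None):
        page = self._page(self.accounts.get(ParentId, []), NextToken)
        return {"Accounts": page["items"], **{k: v for k, v in page.items() if k != "items"}}

    def list_policies_for_target(self, TargetId, Filter, NextToken=None):
        page = self._page(self.scps.get(TargetId, []), NextToken)
        return {"Policies": page["items"], **{k: v for k, v in page.items() if k != "items"}}


if __name__ == "__main__":
    for rec in collect_accounts(FakeOrganizationsClient()):
        print(rec.account_id, rec.status, rec.ou_path, rec.scps)
```

With a real client, `collect_accounts(boto3.client("organizations"))` from the management account (or a delegated administrator) produces the same records; the SCP list is the policies attached along the path, which is what a reviewer compares against the guardrails the landing zone is supposed to enforce.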

Code Flow (Version 1)

[Image: sync_aws_account_flow]

Code Flow (Version 2)

[Image: account_sync_v3]