Example solutions demonstrating how to implement patterns within the AWS Security Reference Architecture guide using CloudFormation (including Customizations for AWS Control Tower) and Terraform.

This repository describes how to use AWS Control Tower controls, HashiCorp Terraform, and infrastructure as code (IaC) to implement and administer preventive, detective, and proactive security controls. A control (also known as a guardrail) is a high-level rule that provides ongoing governance for your overall AWS Control Tower environment.

automate the control, the purge and the management of AWS accounts assigned permanently to selected employees - foster innovation from cloud teams

This pattern describes how to use AWS Control Tower Controls, AWS Cloud Development Kit (CDK) and infrastructure as code to implement and administer preventive, detective and proactive security on AWS.

AWS CloudFormation templates and Python code for AWS blog post on how to automate centralized backup at scale across AWS services using AWS Backup.

AWS Control Tower and Lacework allow seamless multi-account cloud security. With Lacework and AWS Control Tower, enrolling a new AWS account now means security best practices and monitoring are automatically applied consistently across your organization. Account administrators can automatically add Lacework's security auditing and monitoring to …

Workshop to launch Amazon SageMaker Studio domain using AWS Service Catalog and AWS SSO in the AWS Control Tower environment, using AWS CloudFormation templates and lambda functions.

Control Tower Statuses

CloudFormation Template that leverages a Custom Resource to invoke a Lambda Function that configures Amazon GuardDuty across the Organization. Specifically this has been designed for the purpose of implementing via Customisations for Control Tower

Sample Configuration Package for the Customizations for AWS Control Tower solution.

CloudFormation Template that leverages a Custom Resource to invoke a Lambda Function that configures AWS Security Hub across the Organization. Specifically this has been designed for the purpose of implementing via Customisations for Control Tower

CloudFormation Template that leverages a Custom Resource to invoke a Lambda Function that configures an IAM Password Policy. Specifically this has been designed for the purpose of implementing via Customisations for Control Tower

The CloudFormation Resource Provider package for AWS Control Tower

AWS Professional Services Hub

aws resource (account, vpc, ec2) management library

CloudFormation Template that leverages a Custom Resource to invoke a Lambda Function that configures AWS Transit Gateway with East/West & Egress Inspection using AWS Network Firewall. Specifically this has been designed for the purpose of implementing via Customisations for Control Tower

CloudFormation Template that leverages a Custom Resource to invoke a Lambda Function that configures Amazon Macie across the Organization. Specifically this has been designed for the purpose of implementing via Customisations for Control Tower

CloudFormation Template that leverages a Custom Resource to invoke a Lambda Function that configures AWS Access Analyser across the Organization. Specifically this has been designed for the purpose of implementing via Customisations for Control Tower

CloudFormation Templates that leverages a Custom Resource to invoke a Lambda Function that enables Delegated Administration of VPC IPAM in the Organization and then configures VPC IPAM. Specifically this has been designed for the purpose of implementing via Customisations for Control Tower