# AWS Control Tower Activation Day

Thank you all for joining us for this AWS Control Tower Activation Day, a day where we will talk about multi-account strategy and how AWS Control Tower can help you keep your environment safe and compliant.

## Agenda

* 9:00 - 9:20 Kick-off and Introduction
* 9:20 - 9:30 Control Tower - Core Labs - Deployment
* 9:30 - 10:00 Control Tower Presentation
* 10:00 - 10:15 Control Tower - Core Labs - Deep Dive
* *10:15 - 10:30 Break*
* 10:30 - 11:00 Multi-Account strategy
* 11:00 - 11:15 Q&A
* 11:15 - 12:00 Control Tower - Core Labs - Account Factory
* *12:00 - 12:30 Lunch*
* 12:30 - 15:00 Labs
    * Tasks in Control Tower https://controltower.aws-management.tools/core/cttasks/
    * Deploy Additional Services https://controltower.aws-management.tools/deployment/deployaddservices/
    * (Opt\*) Single Sign On - Okta https://controltower.aws-management.tools/aa/sso/okta/
* 15:00 - 15:15 Survey
* 15:15 - 15:30 Decommissioning CT

## Virtual meeting Rooms

Links to:

## Labs

Link to labs: https://controltower.aws-management.tools/

## Survey

Link to Survey: https://survey.immersionday.com/-4v77MknR

## Useful links:

* [Control Tower Getting Started Guide](https://docs.aws.amazon.com/controltower/latest/userguide/getting-started-with-control-tower.html)
* [AWS Secure Account Setup](https://aws.amazon.com/answers/security/aws-secure-account-setup/)
* [Getting Started: Follow Security Best Practices as You Configure Your AWS Resources](https://aws.amazon.com/blogs/security/getting-started-follow-security-best-practices-as-you-configure-your-aws-resources/)
* [Building a Scalable and Secure Multi-VPC AWS Network Infrastructure](https://d1.awsstatic.com/whitepapers/building-a-scalable-and-secure-multi-vpc-aws-network-infrastructure.pdf)
* [AWS Service Catalog Connector for ServiceNow](https://aws.amazon.com/blogs/aws/new-aws-service-catalog-connector-for-servicenow/)
* [Automating AWS Security Hub Alerts with AWS Control Tower lifecycle events](https://aws.amazon.com/blogs/mt/automating-aws-security-hub-alerts-with-aws-control-tower-lifecycle-events/)
* [How to Detect and Mitigate Guardrail Violation with AWS Control Tower](https://aws.amazon.com/blogs/mt/how-to-detect-and-mitigate-guardrail-violation-with-aws-control-tower/)

### GuardDuty:

Installing this customization will enable GuardDuty in all AWS Control Tower managed accounts, with the Audit account acting as the default GuardDuty Master: https://github.com/aws-samples/aws-control-tower-guardduty-enabler

### AWS SSO with Azure AD:

Evolution of Single Sign-on - Integrate with Azure AD with automatic user provisioning: https://aws.amazon.com/blogs/aws/the-next-evolution-in-aws-single-sign-on/

### AWS SSO via CLI 2.0:

With AWS CLI 2.0 you can easily configure one or more of your AWS CLI named profiles (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html) to use a role from AWS SSO: https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html

### Serverless Transit Network Orchestrator (STNO)

The Serverless Transit Network Orchestrator (STNO) solution adds automation to AWS Transit Gateway. This solution provides the tools necessary to automate the process of setting up and managing transit networks in distributed AWS environments. A web interface is created to help control, audit, and approve (transit) network changes. STNO supports both AWS Organizations (https://aws.amazon.com/organizations/) and standalone AWS account types.

https://aws.amazon.com/solutions/implementations/serverless-transit-network-orchestrator/

![](https://i.imgur.com/VYfYDqD.png)

### AWS Control Tower in existing AWS Organization

AWS Control Tower can now be enabled in existing Organizations: https://www.youtube.com/watch?v=y6QLFn00A3U

### AWS Config Conformance Packs:

You can prepare accounts to get enrolled in Control Tower with Conformance Packs: https://docs.aws.amazon.com/config/latest/developerguide/aws-control-tower-detective-guardrails.html