# AWS Control Tower Activation Day May 27 2020
Thank you all for joining us for this AWS Control Tower Activation Day, a day filled with great learnings where we talked about multi-account strategy and how AWS Control Tower can help you keep your environment secure and compliant.
You can get the slides [here](https://aws-tam-private-gmagella.s3.amazonaws.com/control_tower/AWS_Control_Tower_Customer_Activation.pdf?AWSAccessKeyId=AKIA2RPYDTT6NLIIQDX5&Signature=S4w5dQu%2Fyd6ivw6hkcQV7mzksks%3D&Expires=1594243413).
Here is the URL for the self-paced labs:
https://controltower.aws-management.tools/
## Useful Links:
[Control Tower Getting Started Guide](https://docs.aws.amazon.com/controltower/latest/userguide/getting-started-with-control-tower.html)
[AWS Secure Account Setup](https://aws.amazon.com/answers/security/aws-secure-account-setup/)
[Getting Started: Follow Security Best Practices as You Configure Your AWS Resources](https://aws.amazon.com/blogs/security/getting-started-follow-security-best-practices-as-you-configure-your-aws-resources/)
[Building a Scalable and Secure Multi-VPC AWS Network Infrastructure](https://d1.awsstatic.com/whitepapers/building-a-scalable-and-secure-multi-vpc-aws-network-infrastructure.pdf)
[AWS Service Catalog Connector for ServiceNow](https://aws.amazon.com/blogs/aws/new-aws-service-catalog-connector-for-servicenow/)
[Automating AWS Security Hub Alerts with AWS Control Tower lifecycle events](https://aws.amazon.com/blogs/mt/automating-aws-security-hub-alerts-with-aws-control-tower-lifecycle-events/)
### Experimentation Accounts: How to Deploy a Serverless Solution for Ephemeral Resources
This blog post presents a solution for managing the lifecycle of a separate AWS account dedicated to experimentation:
https://aws.amazon.com/pt/blogs/aws-brasil/contas-de-experimentacao-como-implantar-uma-solucao-sem-servidor-para-recursos-efemeros/
### GuardDuty Enabler:
Installing this Customization will enable GuardDuty in all AWS Control Tower managed accounts, with the Audit account acting as the default GuardDuty Master:
https://github.com/aws-samples/aws-control-tower-guardduty-enabler
### AWS SSO allows automatic provisioning through SCIM:
Evolution of Single Sign-on - Integrate with Azure AD with automatic user provisioning:
https://aws.amazon.com/blogs/aws/the-next-evolution-in-aws-single-sign-on/
### AWS SSO with AWS CLI 2.0:
With AWS CLI 2.0 you can easily configure one or more of your AWS CLI named profiles (https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html) to use a role from AWS SSO:
https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-sso.html
### Serverless Transit Network Orchestrator (STNO)
The Serverless Transit Network Orchestrator (STNO) solution adds automation to AWS Transit Gateway. This solution provides the tools necessary to automate the process of setting up and managing transit networks in distributed AWS environments. A web interface is created to help control, audit, and approve (transit) network changes. STNO supports both AWS Organizations (https://aws.amazon.com/organizations/) and standalone AWS account types.
https://aws.amazon.com/solutions/implementations/serverless-transit-network-orchestrator/

### AWS Control Tower can be deployed in Existing Organizations:
AWS Control Tower can now be enabled in existing Organizations:
https://www.youtube.com/watch?v=y6QLFn00A3U
### AWS Config Conformance Packs:
You can prepare accounts to get enrolled in Control Tower, with Conformance Packs:
https://docs.aws.amazon.com/config/latest/developerguide/aws-control-tower-detective-guardrails.html
### [Off Topic]: Cloud Custodian pipeline:
This open-source solution can help you create custom policies to control other aspects of your account. It can integrate with Config and Security Hub.
https://github.com/gmagella-ca/custodian-pipeline