© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.

COP354
Agile Governance: Deploy AWS Control Tower in your current environment

Pujah Goviel, Technical Account Manager, AWS
Vijay Shekhar Rao, Senior Systems Engineer, AWS

Agenda
  01 Why use Control Tower
  02 Enable Control Tower in your environment
  03 Common challenges and best practices
  04 Key takeaways

Why use AWS Control Tower?
  Enable end user self-service
  Get continuous visibility into your AWS environment
  Standardize account provisioning
  Centralize policy management
  Enforce governance and compliance proactively
  Set up a best-practices AWS environment in a few clicks

Architecture Overview
  Management account
  AWS Control Tower
  AWS Organizations
  AWS IAM Identity Center
  AWS CloudFormation StackSets
  AWS Service Catalog (AWS Control Tower Account Factory)
  Security OU
  Sandbox OU (Optional)
  Identity Center directory
  Log Archive account
  Audit account
  Provisioned accounts
  Account baseline
  Centralized AWS CloudTrail and AWS Config logs
  Account baseline
  Security notifications
  Security cross-account roles
  AWS Config aggregator
  Account baseline
  Network baseline (Optional)
  AWS Backup (Optional)
  Central backup account
  Backup vault
  Backup administrator account
  AWS Backup

Whiteboarding

Deployment options
  Greenfield
  Brownfield
  Completely new landing zone set up
  Starts with clean environment
  Creates recommended OU structure from scratch
  Deploy CT in New Organization
  Register