I'm in the process of shifting my start-up from GCP to AWS and just set up a new AWS Organization. I'm keen on maximizing automation and achieving strong isolation with minimal blast radius. I'm using Terraform for provisioning, and I'd like to gather insights on how far others typically go in automating organization-level resources. Specifically, do you guys codify Identity Center permission sets and group assignments? Do you create new Organizational Units (OUs) and accounts with Terraform, or is it better to manage some of these aspects manually? Also, looking for pointers on what's considered a sustainable approach for a long-lived production environment. Thanks!
1 Answer
Terraform can definitely handle most organizational setups, but be warned that AWS doesn’t make it super straightforward. I recommend having a single landing zone repository with multiple Terraform states. You would want some structure like having separate folders for configuration, baseline setups, security, and shared services. Avoid relying on Control Tower too much to maintain that flexibility!
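To make the "codify OUs, accounts, permission sets and group assignments" part concrete, here is an added Terraform example; it is not the answerer's code and not from any particular landing-zone project. It assumes the Organization and the IAM Identity Center instance already exist (Terraform can read the instance but cannot enable it), that a group named `platform-admins` already exists in the identity store, and that the OU name `Workloads`, the account name `prod` and the e-mail `aws-prod@example.com` are placeholders you would replace. This would live in the "baseline" state of a landing-zone repository, separate from the per-account workload states.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

# Run from the management account (or the Identity Center delegated admin).
provider "aws" {
  region = "us-east-1"
}

data "aws_organizations_organization" "this" {}
data "aws_ssoadmin_instances" "this" {}

locals {
  sso_instance_arn  = tolist(data.aws_ssoadmin_instances.this.arns)[0]
  identity_store_id = tolist(data.aws_ssoadmin_instances.this.identity_store_ids)[0]
}

# --- Organization structure -------------------------------------------------

resource "aws_organizations_organizational_unit" "workloads" {
  name      = "Workloads" # assumed OU name
  parent_id = data.aws_organizations_organization.this.roots[0].id
}

resource "aws_organizations_account" "prod" {
  name      = "prod"                 # assumed account name
  email     = "aws-prod@example.com" # assumed placeholder address
  parent_id = aws_organizations_organizational_unit.workloads.id

  # Destroying the resource would otherwise try to close the account.
  close_on_deletion = false

  lifecycle {
    prevent_destroy = true
  }
}

# Guardrail for the whole OU: member accounts cannot leave the Organization,
# which would otherwise remove every SCP applied to them.
resource "aws_organizations_policy" "deny_leave_org" {
  name = "DenyLeaveOrganization"
  type = "SERVICE_CONTROL_POLICY"

  content = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid      = "DenyLeaveOrganization"
      Effect   = "Deny"
      Action   = "organizations:LeaveOrganization"
      Resource = "*"
    }]
  })
}

resource "aws_organizations_policy_attachment" "deny_leave_org_workloads" {
  policy_id = aws_organizations_policy.deny_leave_org.id
  target_id = aws_organizations_organizational_unit.workloads.id
}

# --- Identity Center: permission set + group assignment -----------------------

resource "aws_ssoadmin_permission_set" "readonly" {
  name             = "ReadOnly"
  instance_arn     = local.sso_instance_arn
  session_duration = "PT4H" # ISO 8601; shorter sessions limit stolen-token lifetime
}

resource "aws_ssoadmin_managed_policy_attachment" "readonly" {
  instance_arn       = local.sso_instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.readonly.arn
  managed_policy_arn = "arn:aws:iam::aws:policy/ReadOnlyAccess"
}

# Look up an existing identity-store group by display name (assumed to exist).
data "aws_identitystore_group" "platform_admins" {
  identity_store_id = local.identity_store_id

  alternate_identifier {
    unique_attribute {
      attribute_path  = "DisplayName"
      attribute_value = "platform-admins"
    }
  }
}

resource "aws_ssoadmin_account_assignment" "platform_admins_readonly_prod" {
  instance_arn       = local.sso_instance_arn
  permission_set_arn = aws_ssoadmin_permission_set.readonly.arn
  principal_id       = data.aws_identitystore_group.platform_admins.group_id
  principal_type     = "GROUP"
  target_id          = aws_organizations_account.prod.id
  target_type        = "AWS_ACCOUNT"
}
```

Two practical checks before relying on this in a long-lived environment: `terraform plan` must show no pending changes after the first apply (a diff on `aws_organizations_account` usually means someone edited the account out of band), and `prevent_destroy` plus `close_on_deletion = false` are what keep a refactor of the account module from turning into an account closure. Keep the management-account state backend locked down separately from workload states, since whoever can write to it can reassign permission sets across every account.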