{"id":77010,"date":"2023-01-25T18:11:37","date_gmt":"2023-01-25T18:11:37","guid":{"rendered":"https:\/\/www.globallogic.com\/il\/insights\/%insight%\/deploying-a-landing-zone-with-aws-control-tower-part-3\/"},"modified":"2025-01-20T07:16:47","modified_gmt":"2025-01-20T07:16:47","slug":"deploying-a-landing-zone-with-aws-control-tower-part-3","status":"publish","type":"insightsection","link":"https:\/\/www.globallogic.com\/il\/insights\/blogs\/deploying-a-landing-zone-with-aws-control-tower-part-3\/","title":{"rendered":"Deploying a Landing Zone with AWS Control Tower – Part 3"},"content":{"rendered":"
In this post, we\u2019re going to walk through some of the remaining post-configuration tasks, including configuring IAM Identity Center and provisioning a new AWS Account through Account Factory.<\/p>\n
AWS IAM Identity Center (formerly known as AWS SSO) is a service that enables you to have a single point of entry for managing resources within all of your AWS Accounts in an organisation.<\/p>\n
As part of the Control Tower deployment, this gets enabled using the native Identity Center directory. This allows you to create Users, Groups and Permission Sets that, when assigned to an AWS Account, allow you to authenticate and be authorised to access different resources based on the policies defined in the Permission Set. Whilst the Identity Center directory is the default configuration, a typical post-deployment activity is to change this to either a third-party Identity Provider such as Azure Active Directory (AAD) or an on-premises Active Directory Domain.<\/p>\n
For those without access to an Azure Active Directory Domain, please refer to the instructions below:<\/p>\n