{"id":77056,"date":"2023-01-25T21:15:00","date_gmt":"2023-01-25T21:15:00","guid":{"rendered":"https:\/\/www.globallogic.com\/il\/insights\/%insight%\/customising-aws-control-tower-with-cfct\/"},"modified":"2024-11-05T06:10:15","modified_gmt":"2024-11-05T06:10:15","slug":"customising-aws-control-tower-with-cfct","status":"publish","type":"insightsection","link":"https:\/\/www.globallogic.com\/il\/insights\/blogs\/customising-aws-control-tower-with-cfct\/","title":{"rendered":"Customising AWS Control Tower with CfCT"},"content":{"rendered":"<div class=\"classic_editor_content\">If you missed the previous posts on Deploying a Landing Zone with AWS Control Tower or you\u2019ve not had much experience with the service, we\u2019d recommend reading Parts 1 to 3 before continuing.<\/p>\n<ul>\n<li>Part 1 &#8211; Deploying AWS Control Tower<\/li>\n<li>Part 2 &#8211; <a rel=\"external nofollow\" target=\"_blank\" href=\"https:\/\/www.globallogic.com\/insights\/blogs\/deploying-a-landing-zone-with-aws-control-tower-part-2\/\">AWS Control Tower<\/a> Post Configuration Tasks focusing on Organisational Structure and Guardrails<\/li>\n<li>Part 3 &#8211; AWS Control Tower Post Configuration Tasks focusing on IAM Identity Center and Provisioning New AWS Accounts<\/li>\n<\/ul>\n<p>In this post, we\u2019re going to walkthrough how you can start customising Control Tower using the\u00a0<a rel=\"external nofollow\" target=\"_blank\" href=\"https:\/\/docs.aws.amazon.com\/prescriptive-guidance\/latest\/security-reference-architecture\/welcome.html\">Security Reference Architecture (SRA)<\/a>. The SRA utilises\u00a0<a rel=\"external nofollow\" target=\"_blank\" href=\"https:\/\/aws.amazon.com\/solutions\/implementations\/customizations-for-aws-control-tower\/\">Customisations for Control Tower (CfCT)<\/a>\u00a0which deploys a DevOps pipeline that works with CloudFormation templates and Control Tower lifecycle events.<\/p>\n<p>By no means is this the only way of customising the Landing Zone that Control Tower deploys, but it\u2019s how the previous version of AWS Landing Zones was based upon and therefore, more users will be familiar with its setup and configuration. It does have some drawbacks though, in that it is only single threaded and therefore slow in large environments.<\/p>\n<p>Here are some alternatives:<\/p>\n<ul>\n<li><a rel=\"external nofollow\" target=\"_blank\" href=\"https:\/\/service-catalog-tools-workshop.com\/\">Service Catalog Tools<\/a><\/li>\n<li><a rel=\"external nofollow\" target=\"_blank\" href=\"https:\/\/github.com\/awslabs\/aws-deployment-framework\">AWS Deployment Framework (ADF)<\/a><\/li>\n<li><a rel=\"external nofollow\" target=\"_blank\" href=\"https:\/\/github.com\/aws-ia\/terraform-aws-control_tower_account_factory\">Account Factory for Terraform<\/a><\/li>\n<\/ul>\n<h4>Why would I want to customise Control Tower?<\/h4>\n<p>The easiest way to answer this question is simply because whilst Control Tower provides the foundations for a Well-Architected Multi-Account Landing Zone, it\u2019s not completely perfect.<\/p>\n<p>In terms of AWS Services, Control Tower is still in its infancy and whilst AWS is constantly adding new functionality and guardrails, there are still some basic best practices that aren\u2019t there natively. For example, in Part Three we mentioned that AWS Config doesn\u2019t get configured in the Management Account but it is in every other Member AWS Account.<\/p>\n<p>The reality is, there is no one size fits all, but there are synergies between them. With this in mind, the majority of organisations will need to tailor the Landing Zone to meet their specific security and governance requirements.<\/p>\n<h4>Enable Trusted Access for CloudFormation StackSets in AWS Organisations<\/h4>\n<p>If you already have Control Tower enabled for you, this next section might not be relevant. However, it\u2019s always worth double checking just to play safe.<\/p>\n<ul>\n<li>Login to the AWS Management Console using an Account with administrative permissions and navigate to the AWS Organisations Console. This should be done within the Management Account.<\/li>\n<\/ul>\n<ul>\n<li>Click\u00a0<strong>Services<\/strong>.<\/li>\n<\/ul>\n<ul>\n<li>Scroll down to CloudFormation StackSets and check that its Trusted Access is set to\u00a0<strong>Access enabled<\/strong>. If not, then Click\u00a0<strong>CloudFormation StackSets<\/strong>\u00a0and then Click\u00a0<strong>Enable trusted access<\/strong>.<\/li>\n<\/ul>\n<h4>Configure an AWS CLI Profile to the Management Account<\/h4>\n<ul>\n<li>Establish an AWS CLI Profile to the Management Account with administrative credentials via the AWS CLI using either a Command Prompt or from Powershell:<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-79437\" src=\"https:\/\/www.globallogic.com\/il\/wp-content\/uploads\/sites\/11\/2023\/07\/Screenshot-2023-01-25-at-18.29.43_4630116.png\" alt=\"\" width=\"162\" height=\"21\" \/><\/p>\n<ul>\n<li>In the SSO start URL, type the\u00a0<strong>URL of the SSO Login page<\/strong>. For example.,\u00a0<a rel=\"external nofollow\" target=\"_blank\" href=\"https:\/\/d-1234567890.awsapps.com\/start\">https:\/\/d-1234567890.awsapps.com\/start<\/a>\u00a0This can be found by logging into the IAM Identity Center Console and looking for the AWS access portal URL in the Settings.<\/li>\n<li>In the SSO Region, type the\u00a0<strong>AWS Region<\/strong>\u00a0that was used for the Home Region when deploying Control Tower. For example., eu-west-2<\/li>\n<\/ul>\n<p>A web browser will then open prompting for login credentials if you\u2019re not already logged in.<\/p>\n<ul>\n<li>Login with your Username and Password.<\/li>\n<li>Click\u00a0<strong>Allow<\/strong>.<\/li>\n<li>Select the\u00a0<strong>AWS Management Account<\/strong>\u00a0using the cursor keys.<\/li>\n<li>Press\u00a0<strong>Return<\/strong>\u00a0for the default client Region and the default output format.<\/li>\n<li>For the Profile name use something memorable as this can be anything. For example., ct-mgmt<\/li>\n<\/ul>\n<p>Deploying the SRA Common Pre-Requisites<\/p>\n<p>There are a few things that need to be installed on our local device as a pre-cursor for this part, including Git, Bash Shell, the AWS CLI v2 and 7-Zip. The following instructions will be based on running a Windows Device.<\/p>\n<ul>\n<li>Clone the SRA Source Files from GitHub via either a Command Prompt or from Powershell:<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-79436\" src=\"https:\/\/www.globallogic.com\/il\/wp-content\/uploads\/sites\/19\/2023\/07\/Screenshot-2023-01-25-at-18.30.59-300x22.png\" alt=\"\" width=\"532\" height=\"39\" \/><\/p>\n<p>Now that we have the SRA source files locally, we need to start creating some CloudFormation Stacks in our Management Account using the YAML templates within the source. These templates setup the functionality for SRA to work before we even install the Customisations for Control Tower solution.<\/p>\n<ul>\n<li>Launch the\u00a0<strong>sra-common-prerequisites-staging-s3-bucket.yaml<\/strong>\u00a0via the AWS CLI using either a Command Prompt or from Powershell:<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-79435\" src=\"https:\/\/www.globallogic.com\/il\/wp-content\/uploads\/sites\/19\/2023\/07\/Screenshot-2023-01-25-at-18.32.46-300x49.png\" alt=\"\" width=\"533\" height=\"87\" \/><\/p>\n<ul>\n<li>Package and upload all the SRA Solutions to the Staging S3 Bucket via GitBash:<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-79434\" src=\"https:\/\/www.globallogic.com\/il\/wp-content\/uploads\/sites\/19\/2023\/07\/Screenshot-2023-01-25-at-18.33.18-300x22.png\" alt=\"\" width=\"532\" height=\"39\" \/><\/p>\n<ul>\n<li>Launch the\u00a0<strong>sra-common-prerequisites-management-account-parameters.yaml<\/strong>\u00a0via the AWS CLI using either a Command Prompt or from Powershell:<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-79433\" src=\"https:\/\/www.globallogic.com\/il\/wp-content\/uploads\/sites\/19\/2023\/07\/Screenshot-2023-01-25-at-18.33.52-300x49.png\" alt=\"\" width=\"545\" height=\"89\" \/><\/p>\n<ul>\n<li>Launch the\u00a0<strong>sra-common-prerequisites-main-ssm.yaml<\/strong>\u00a0via the AWS CLI using either a Command Prompt or from Powershell:<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-79432\" src=\"https:\/\/www.globallogic.com\/il\/wp-content\/uploads\/sites\/19\/2023\/07\/Screenshot-2023-01-25-at-18.34.21-300x50.png\" alt=\"\" width=\"546\" height=\"91\" \/><\/p>\n<h4>Deploy the Customisations for Control Tower Solution<\/h4>\n<p>The team at AWS has developed the SRA utilised Customisations for Control Tower (CfCT) as the delivery mechanism for their customisations. But since they don\u2019t maintain that solution itself, it\u2019s strongly recommended to check the current version of CfCT\u00a0<a rel=\"external nofollow\" target=\"_blank\" href=\"https:\/\/github.com\/aws-solutions\/aws-control-tower-customizations\">here<\/a>\u00a0prior to launching the CloudFormation Template.<\/p>\n<p>You may find that you wish to edit\u00a0<strong>sra-common-cfct-setup-main.yaml<\/strong>\u00a0to reflect the following change instead:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-79431\" src=\"https:\/\/www.globallogic.com\/il\/wp-content\/uploads\/sites\/19\/2023\/07\/Screenshot-2023-01-25-at-18.34.51-300x67.png\" alt=\"\" width=\"542\" height=\"121\" \/><\/p>\n<p>The architecture that is deployed by CfCT is shown below.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-79403\" src=\"https:\/\/www.globallogic.com\/il\/wp-content\/uploads\/sites\/19\/2023\/07\/customizations-for-aws-control-tower-architecture-diagram-300x157.png\" alt=\"\" width=\"548\" height=\"287\" \/><\/p>\n<ul>\n<li>Launch the\u00a0<strong>sra-common-cfct-setup-main.yaml<\/strong>\u00a0via the AWS CLI using either a Command Prompt or from Powershell:<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-79429\" src=\"https:\/\/www.globallogic.com\/il\/wp-content\/uploads\/sites\/19\/2023\/07\/Screenshot-2023-01-25-at-18.35.43-300x41.png\" alt=\"\" width=\"549\" height=\"75\" \/><\/p>\n<h4>What Customisations should I make?<\/h4>\n<p>This is always very subjective and there are many things that may factor into the answer. That being said, here are a few suggestions, in no particular order! And best of all, they are all included within the SRA Source Files with the exceptions of the Service Control Policies (SCPs). There are also other CloudFormation Templates available within the SRA source files that could be used, or alternatively, you may wish to create your own.<\/p>\n<p><strong>CloudFormation<\/strong><\/p>\n<ul>\n<li>Enable Config in the Management Account<\/li>\n<li>Enable CloudTrail Organisational Trail for Data Events<\/li>\n<li>Enable EC2 Default EBS Encryption<\/li>\n<li>Configure a Hardened IAM Account Password Policy<\/li>\n<li>Enable S3 Block Public Access at the Account Level<\/li>\n<li>Configure AWS Account Alternate Contacts<\/li>\n<li>Enable IAM Access Analyzer and Configure for Delegated Administration<\/li>\n<li>Enable GuardDuty and Configure for Delegated Administration<\/li>\n<li>Enable Macie and Configure for Delegated Administration<\/li>\n<li>Enable Security Hub and Configure for Delegated Administration<\/li>\n<\/ul>\n<p><strong>Service Control Policies<\/strong><\/p>\n<ul>\n<li>Prevent Accounts from Leaving the Organisation<\/li>\n<li>Prevent the Disabling of any Security Tooling<\/li>\n<li>Prevent IAM User Creation<\/li>\n<\/ul>\n<h4>Time to Customise our Control Tower Setup<\/h4>\n<p>This section will go through customising Control Tower based on the author\u2019s personal recommendations.<\/p>\n<ul>\n<li>Install the git-remote-codecommit module via either a Command Prompt or Powershell.<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-79428\" src=\"https:\/\/www.globallogic.com\/il\/wp-content\/uploads\/sites\/19\/2023\/07\/Screenshot-2023-01-25-at-18.36.34-300x21.png\" alt=\"\" width=\"429\" height=\"30\" \/><\/p>\n<ul>\n<li>Clone the CodeCommit repository that is deployed by CfCT via either a Command Prompt or Powershell.<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-79427\" src=\"https:\/\/www.globallogic.com\/il\/wp-content\/uploads\/sites\/19\/2023\/07\/Screenshot-2023-01-25-at-18.36.58-300x21.png\" alt=\"\" width=\"486\" height=\"34\" \/><\/p>\n<p><strong>Note:<\/strong>\u00a0You\u2019ll need to ensure that you use the name of your AWS CLI profile prior to the\u00a0@\u00a0as shown in the example above.<\/p>\n<ul>\n<li>Within your IDE of choice, under the custom-control-tower-configuration folder, delete the\u00a0<strong>example-configuration<\/strong>\u00a0folder.<\/li>\n<li>Under the custom-control-tower-configuration folder, create three new folders named\u00a0<strong>parameters<\/strong>,\u00a0<strong>policies<\/strong>\u00a0and\u00a0<strong>templates<\/strong>.<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-79426\" src=\"https:\/\/www.globallogic.com\/il\/wp-content\/uploads\/sites\/19\/2023\/07\/Screenshot-2023-01-25-at-18.37.22-300x72.png\" alt=\"\" width=\"500\" height=\"120\" \/><\/p>\n<ul>\n<li>Copy the following files from the SRA source files to\u00a0<strong>custom-control-tower-configuration\\templates<\/strong>.\n<ul>\n<li>sra-account-alternate-contacts-main-ssm.yaml<\/li>\n<li>sra-cloudtrail-org-main-ssm.yaml<\/li>\n<li>sra-config-management-account-main-ssm.yaml<\/li>\n<li>sra-ec2-default-ebs-encryption-main-ssm.yaml<\/li>\n<li>sra-guardduty-org-main-ssm.yaml<\/li>\n<li>sra-iam-access-analyzer-main-ssm.yaml<\/li>\n<li>sra-iam-password-policy-main-ssm.yaml<\/li>\n<li>sra-macie-org-main-ssm.yaml<\/li>\n<li>sra-securityhub-org-main-ssm.yaml<\/li>\n<\/ul>\n<\/li>\n<li>Copy the following files from the SRA source files to\u00a0<strong>custom-control-tower-configuration\\parameters<\/strong>.\n<ul>\n<li>sra-account-alternate-contacts-main-ssm.json<\/li>\n<li>sra-cloudtrail-org-main-ssm.json<\/li>\n<li>sra-config-management-account-main-ssm.json<\/li>\n<li>sra-ec2-default-ebs-encryption-main-ssm.json<\/li>\n<li>sra-guardduty-org-main-ssm.json<\/li>\n<li>sra-iam-access-analyzer-main-ssm.json<\/li>\n<li>sra-iam-password-policy-main-ssm.json<\/li>\n<li>sra-macie-org-main-ssm.json<\/li>\n<li>sra-s3-block-account-public-access-main-ssm.json<\/li>\n<li>sra-securityhub-org-main-ssm.json<\/li>\n<\/ul>\n<\/li>\n<li>Amend the values as required in each of the JSON files above to customise the configuration of each of the different templates. For example., IAM Password Policy configuration will be defined in the sra-iam-password-policy-main-ssm.json.<\/li>\n<\/ul>\n<ul type=\"circle\">\n<li class=\"x_contentpasted2\">Create<span class=\"x_contentpasted21\">\u00a0<\/span><strong>scp-prevent-accounts-leaving-org.json<\/strong><span class=\"x_contentpasted21\">\u00a0<\/span>in<span class=\"x_contentpasted21\">\u00a0<\/span><strong>custom-control-tower-configuration\\policies<\/strong><span class=\"x_contentpasted21\">\u00a0<\/span>and paste in the below contents.<\/li>\n<\/ul>\n<ul>\n<li class=\"x_contentpasted2\">Create<span class=\"x_contentpasted21\">\u00a0<\/span><strong>scp-prevent-disabling-security-tooling.json<\/strong><span class=\"x_contentpasted21\">\u00a0<\/span>in<span class=\"x_contentpasted21\">\u00a0<\/span><strong>custom-control-tower-configuration\\policies<\/strong><span class=\"x_contentpasted21\">\u00a0<\/span>and paste in the below contents.<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-79407\" src=\"https:\/\/www.globallogic.com\/il\/wp-content\/uploads\/sites\/19\/2023\/07\/Screenshot-2023-03-13-at-113431-300x232.png\" alt=\"\" width=\"561\" height=\"434\" \/><\/p>\n<ul>\n<li>Create\u00a0<strong>scp-prevent-disabling-security-tooling.json<\/strong>\u00a0in\u00a0<strong>custom-control-tower-configuration\\policies<\/strong>\u00a0and paste in the below contents.<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-79406\" src=\"https:\/\/www.globallogic.com\/il\/wp-content\/uploads\/sites\/19\/2023\/07\/Screenshot-2023-03-13-at-113609-204x300.png\" alt=\"\" width=\"564\" height=\"829\" \/><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-79405\" src=\"https:\/\/www.globallogic.com\/il\/wp-content\/uploads\/sites\/19\/2023\/07\/Screenshot-2023-03-13-at-113646-213x300.png\" alt=\"\" width=\"564\" height=\"794\" \/><\/p>\n<ul>\n<li>Create\u00a0<strong>scp-prevent-iam-users-creation.json<\/strong>\u00a0in\u00a0<strong>custom-control-tower-configuration\\policies<\/strong>\u00a0and paste in the below contents.<\/li>\n<\/ul>\n<figure id=\"attachment_79404\" aria-describedby=\"caption-attachment-79404\" style=\"width: 564px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-79404\" src=\"https:\/\/www.globallogic.com\/il\/wp-content\/uploads\/sites\/19\/2023\/07\/Screenshot-2023-03-13-at-114338-300x265.png\" alt=\"\" width=\"564\" height=\"498\" \/><figcaption id=\"caption-attachment-79404\" class=\"wp-caption-text\">#image_title<\/figcaption><\/figure>\n<ul>\n<li>Modify the contents of\u00a0<strong>manifest.yaml<\/strong>\u00a0as per below.<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-79412 alignleft\" src=\"https:\/\/www.globallogic.com\/il\/wp-content\/uploads\/sites\/19\/2023\/07\/Screenshot-2023-01-25-at-20.50.28-300x277.png\" alt=\"\" width=\"508\" height=\"469\" \/><\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-79411 alignleft\" src=\"https:\/\/www.globallogic.com\/il\/wp-content\/uploads\/sites\/19\/2023\/07\/Screenshot-2023-01-25-at-20.58.28-197x300.png\" alt=\"\" width=\"512\" height=\"780\" \/><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-79410\" src=\"https:\/\/www.globallogic.com\/il\/wp-content\/uploads\/sites\/19\/2023\/07\/Screenshot-2023-01-25-at-20.59.31-201x300.png\" alt=\"\" width=\"514\" height=\"767\" \/><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-79409\" src=\"https:\/\/www.globallogic.com\/il\/wp-content\/uploads\/sites\/19\/2023\/07\/Screenshot-2023-01-25-at-21.00.25-196x300.png\" alt=\"\" width=\"516\" height=\"790\" \/><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-79408\" src=\"https:\/\/www.globallogic.com\/il\/wp-content\/uploads\/sites\/19\/2023\/07\/Screenshot-2023-01-25-at-21.01.07-300x29.png\" alt=\"\" width=\"517\" height=\"50\" \/><\/p>\n<ul>\n<li>Commit the files that you\u2019ve previously copied, modified and deleted to CodeCommit via either a Command Prompt or Powershell.<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-79417\" src=\"https:\/\/www.globallogic.com\/il\/wp-content\/uploads\/sites\/19\/2023\/07\/Screenshot-2023-01-25-at-18.41.40-300x58.png\" alt=\"\" width=\"434\" height=\"84\" \/><\/p>\n<p>This will now trigger the DevOps Pipeline and, assuming that no issues have occurred, will show as Succeeded.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-79402\" src=\"https:\/\/www.globallogic.com\/il\/wp-content\/uploads\/sites\/19\/2023\/07\/cfct-part-4-300x161.png\" alt=\"\" width=\"756\" height=\"406\" \/><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-79401\" src=\"https:\/\/www.globallogic.com\/il\/wp-content\/uploads\/sites\/19\/2023\/07\/cfct-part-5-300x161.png\" alt=\"\" width=\"759\" height=\"407\" \/><\/p>\n<p>&nbsp;<\/p>\n<p>This is the end of our AWS Control Tower part four series. We hope it proved useful and enables you to customise your own Control Tower Environments.<\/p>\n<p>Should you have any additional questions around cloud security governance, or comments in general, we\u2019d love to hear from you. <a rel=\"external nofollow\" target=\"_blank\" href=\"https:\/\/www.globallogic.com\/uk\/contact\/\">Drop us a message<\/a> and the team will be in touch to arrange a follow-up call.<\/p>\n<h4>About the author:<\/h4>\n<p>Adam Divall, Solutions Architect at GlobalLogic with over 20 years demonstrable experience in design, implementation, migration and support of large, complex solutions to support a customer\u2019s long term business strategy. Divall holds all 12 available certifications for Amazon Web Services with specialisations including Networking, Security, Database, Data Analytics and Machine Learning.<\/p>\n<p>&nbsp;<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>If you missed the previous posts on Deploying a Landing Zone with AWS Control Tower or you\u2019ve not had much experience with the service, we\u2019d recommend reading Parts 1 to 3 before continuing.<\/p>\n","protected":false},"author":10,"featured_media":0,"parent":0,"menu_order":66,"template":"","insight":[41],"insight-subcats":[],"insight-industry":[906],"insight-services":[],"insight-partners":[],"class_list":["post-77056","insightsection","type-insightsection","status-publish","hentry","insight-blogs","insight-industry-cross-industry"],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.globallogic.com\/il\/wp-json\/wp\/v2\/insightsection\/77056","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.globallogic.com\/il\/wp-json\/wp\/v2\/insightsection"}],"about":[{"href":"https:\/\/www.globallogic.com\/il\/wp-json\/wp\/v2\/types\/insightsection"}],"author":[{"embeddable":true,"href":"https:\/\/www.globallogic.com\/il\/wp-json\/wp\/v2\/users\/10"}],"version-history":[{"count":1,"href":"https:\/\/www.globallogic.com\/il\/wp-json\/wp\/v2\/insightsection\/77056\/revisions"}],"predecessor-version":[{"id":101302,"href":"https:\/\/www.globallogic.com\/il\/wp-json\/wp\/v2\/insightsection\/77056\/revisions\/101302"}],"wp:attachment":[{"href":"https:\/\/www.globallogic.com\/il\/wp-json\/wp\/v2\/media?parent=77056"}],"wp:term":[{"taxonomy":"insight","embeddable":true,"href":"https:\/\/www.globallogic.com\/il\/wp-json\/wp\/v2\/insight?post=77056"},{"taxonomy":"insight-subcats","embeddable":true,"href":"https:\/\/www.globallogic.com\/il\/wp-json\/wp\/v2\/insight-subcats?post=77056"},{"taxonomy":"insight-industry","embeddable":true,"href":"https:\/\/www.globallogic.com\/il\/wp-json\/wp\/v2\/insight-industry?post=77056"},{"taxonomy":"insight-services","embeddable":true,"href":"https:\/\/www.globallogic.com\/il\/wp-json\/wp\/v2\/insight-services?post=77056"},{"taxonomy":"insight-partners","embeddable":true,"href":"https:\/\/www.globallogic.com\/il\/wp-json\/wp\/v2\/insight-partners?post=77056"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}