In this lab, you will build a governance framework using AWS Organizations and AWS Control Tower to manage multiple AWS accounts effectively. You'll create organizational units (OUs), apply service control policies (SCPs), and set up AWS Control Tower with guardrails in place. The exercise guides you through the complexities of multi-account setups, including creating policies that align with real-world constraints such as budget and compliance. The goal is to ensure that you can manage AWS resources at scale in a secure and efficient manner. This advanced scenario will help you understand the intricacies of setting up AWS environments tailored to enterprise needs, balancing security and cost efficiency in line with best practices.
Your company, a large financial services firm, has recently decided to migrate its IT infrastructure to AWS. The company is structured into multiple departments, each requiring its own AWS account due to different regulatory and operational requirements. Your task is to set up a governance framework using AWS Organizations and AWS Control Tower to manage these accounts. The objective is to ensure compliance across the board and optimize for cost and security. The firm has a strict budget of $5,000 per month per department for cloud expenses and a response time SLA of 99.9% operational uptime for critical applications.