In this advanced hands-on lab, you will explore the intricacies of setting up a multi-account architecture with AWS Organizations, using service control policies (SCPs) and AWS IAM Identity Center to achieve granular access control. Through a series of interconnected tasks, you'll ensure governance and compliance within a multi-account environment. You will create a management account and several member accounts within an organization, applying SCPs to enforce security and operational constraints. Furthermore, you'll implement IAM Identity Center to centrally manage user identities and permissions across accounts, ensuring that only the necessary permissions are granted for different roles. This lab also incorporates the use of AWS CloudFormation StackSets to automate resource provisioning across multiple accounts, highlighting best practices in infrastructure as code (IaC) development. You'll gain insights into configuring AWS Config to gather compliance data across accounts, aiming to enhance security and audit readiness.
A multinational company, Globex Corp, aims to reorganize its AWS environment to support multiple business units with distinct operational needs. The CTO mandates the creation of a robust multi-account structure that facilitates compliance, secures sensitive data, and streamlines resource allocation and cost management. Globex Corp projects that AWS costs must not exceed $20,000 monthly, and the architecture should support rapid provisioning of accounts while adhering to security best practices.
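The guardrail behaviour that SCPs provide in the lab can be modelled in a few lines. The following is an added example, not part of the lab materials: a constructed SCP for the Globex Corp scenario (the approved regions and exempted global services are assumptions) together with a small evaluator that applies SCP semantics: the management account is never restricted, an explicit Deny always wins, and without an Allow the action is denied.

```python
"""Added example: a minimal model of SCP evaluation for a constructed Globex guardrail.
Policy contents, regions and exempted services are assumptions; real SCPs are
evaluated by AWS Organizations, not by this code."""
import fnmatch

# Constructed SCP: keep the default FullAWSAccess allow, then add deny guardrails.
GLOBEX_GUARDRAILS = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "*", "Resource": "*"},
        {   # Deny anything outside the approved regions, except global services.
            "Effect": "Deny",
            "NotAction": ["iam:*", "organizations:*", "sts:*", "support:*"],
            "Resource": "*",
            "Condition": {"StringNotEquals": {"aws:RequestedRegion": ["us-east-1", "eu-west-1"]}},
        },
        {   # Member accounts must not detach themselves from the organization.
            "Effect": "Deny",
            "Action": "organizations:LeaveOrganization",
            "Resource": "*",
        },
    ],
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _statement_matches(stmt, action, region):
    """True if the statement applies to this action in this region."""
    if "Action" in stmt:
        if not any(fnmatch.fnmatchcase(action, p) for p in _as_list(stmt["Action"])):
            return False
    else:  # NotAction: the statement applies to every action NOT listed
        if any(fnmatch.fnmatchcase(action, p) for p in _as_list(stmt["NotAction"])):
            return False
    approved = stmt.get("Condition", {}).get("StringNotEquals", {}).get("aws:RequestedRegion")
    if approved is not None and region in _as_list(approved):
        return False  # request is in an approved region, so the deny does not apply
    return True

def scp_allows(policy, action, region, is_management_account=False):
    """SCP semantics: the management account is never restricted by SCPs; otherwise
    an explicit Deny overrides any Allow, and with no matching Allow the action is denied."""
    if is_management_account:
        return True
    allowed = False
    for stmt in policy["Statement"]:
        if _statement_matches(stmt, action, region):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed
```

Note that an SCP only bounds what identities in a member account may do; it grants nothing by itself, so the IAM Identity Center permission sets from the lab are still required for any access.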