AWS Control Tower is a service that helps you set up an automated landing zone based on account-management best practices learned from years of working with a variety of customers who run complex multi-account environments. Control Tower is the successor to AWS Landing Zone and relies heavily on AWS Organizations, which is covered in detail later in this chapter.
In this recipe, you will create a new account to serve as the Control Tower master, and within that account, you will launch your Control Tower environment, which will spawn two additional core accounts: Log Archive and Audit. Then, you will use the AWS Service Catalog to create a new provisioned account. Within a provisioned account, you will attempt to create resources that fail to comply with the guardrails established on the organizational...