Skip to main content

FAQ

Frequently asked questions about managing AWS accounts with Cloud Posse's reference architecture.

Why not use Control Tower?

AWS Control Tower cannot be managed with Terraform. Depending on the Scope of Work, Cloud Posse is usually responsible for provisioning accounts with terraform which requires all the same access as Control Tower.

Why are there so many accounts?

Leveraging multiple AWS accounts within an AWS Organization is the only way to satisfy IAM level isolation. Each account has a very specific purpose, that all associated resources are isolated in that given account.

How we can set budgets?

Create budgets with the account-settings component. For more, see the account-settings component documentation

info

Budgets created for the root account apply to the AWS Organization as a whole

How do you add or remove Service Control Policies?

Service Control Policies are managed with the account component variable, service_control_policies_config_paths. For more, see the account component documentation

caution

This component manages the state of all AWS accounts, so apply with extreme caution!

How can you create an Account?

Follow the documentation for creating and setting up AWS Accounts

How do you delete an Account?

Follow the documentation for deleting AWS Accounts

How can you create a Tenant?

Follow the documentation for creating a new Organizational Unit