Create a customized account from a blueprint
After you have created custom blueprints, you can start creating custom accounts in AWS Control Tower account factory.
Follow these steps to deploy a custom blueprint when you're creating a new AWS account:
-
Go to AWS Control Tower in the AWS Management Console.
-
Select Account factory and Create account.
-
Enter account details such as account name and email address.
-
Configure IAM Identity Center details with email address and user name.
-
Select a registered OU where your account will be added.
-
Expand the Account factory customization section.
-
Enter the account ID of the blueprint hub account that contains your Service Catalog products and choose Validate. For more information about a blueprint hub account, see Customize accounts with Account Factory Customization (AFC).
-
Select the dropdown menu that contains all blueprints from your Service Catalog Product List (all custom and partner blueprints). Choose a blueprint and corresponding version to deploy.
-
If your blueprint contains parameters, these fields are displayed for you to populate. Default values are pre-populated.
-
Finally, select where you'll deploy your blueprint, either Home Region or All governed Regions. Global resources such as RouteĀ 53 or IAM, may need to be deployed to a single Region only. Regional resources, such as Amazon EC2 instances or Amazon S3 buckets, could be deployed to all governed Regions
-
After all fields are completed, select Create account.
Note
Blueprints created with Terraform can deploy to one Region only, not multiple Regions.
You can view the progress of your account provisioning on the Organization page. When your account provisioning is complete, the resources specified by your blueprint are already deployed within it. To view the details of the account and blueprint, go to the Account details page.