Las traducciones son generadas a través de traducción automática. En caso de conflicto entre la traducción y la version original de inglés, prevalecerá la version en inglés.
Crea una nueva landing zone usando AWS CloudFormation
Desde la AWS CloudFormation consola o mediante el AWS CLI, despliega la siguiente AWS CloudFormation plantilla para crear una landing zone.
Parameters: Version: Type: String Description: The version number of Landing Zone GovernedRegions: Type: List Description: List of governed regions SecurityOuName: Type: String Description: The security Organizational Unit name SandboxOuName: Type: String Description: The sandbox Organizational Unit name CentralizedLoggingAccountId: Type: String Description: The AWS account ID for centralized logging SecurityAccountId: Type: String Description: The AWS account ID for security roles LoggingBucketRetentionPeriod: Type: Number Description: Retention period for centralized logging bucket AccessLoggingBucketRetentionPeriod: Type: Number Description: Retention period for access logging bucket KMSKey: Type: String Description: KMS key ARN used by CloudTrail and Config service to encrypt data in logging bucket Resources: MyLandingZone: Type: 'AWS::ControlTower::LandingZone' Properties: Version: Ref: Version Tags: - Key: "keyname1" Value: "value1" - Key: "keyname2" Value: "value2" Manifest: governedRegions: Ref: GovernedRegions organizationStructure: security: name: Ref: SecurityOuName sandbox: name: Ref: SandboxOuName centralizedLogging: accountId: Ref: CentralizedLoggingAccountId configurations: loggingBucket: retentionDays: Ref: LoggingBucketRetentionPeriod accessLoggingBucket: retentionDays: Ref: AccessLoggingBucketRetentionPeriod kmsKeyArn: Ref: KMSKey enabled: true securityRoles: accountId: Ref: SecurityAccountId accessManagement: enabled: true
