Deploy the solution - Account Assessment for AWS Organizations

Deploy the solution

This solution uses CloudFormation templates and stacks to automate its deployment. The CloudFormation templates specify the AWS resources included in this solution and their properties. The CloudFormation stack provisions the resources that are described in the templates.

Important

We designed this solution to aggregate scan findings for customers. This solution does not check the validity or correctness of your underlying resource-based policies. When changing policies that allow account migration to another AWS Organization, we recommend:

  • Verifying that your policies work as intended before making changes.

  • Using IAM Access Analyzer to verify that your policies achieve your desired permissions.

  • Reviewing and updating the Condition policy element to meet your security requirements. Do not delete the Condition without reviewing the underlying impact.

  • Engaging with AWS Solutions Architects, Technical Account Managers, and AWS Professional Services to review your AWS Organizations-based dependencies identified by the solution before initiating account migration.
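The caution about the Condition element can be checked before a policy is edited. The following is an added example, not part of the solution or its code: it flags statements in a resource-based policy where an organization condition key is the only thing narrowing an Allow for any principal. The function names, the bucket name, the account ID, and the organization ID in the sample are assumptions constructed for illustration.

```python
import json

# AWS global condition keys whose values name an organization ID or OU path.
ORG_KEYS = {"aws:principalorgid", "aws:principalorgpaths", "aws:resourceorgid",
            "aws:resourceorgpaths", "aws:sourceorgid", "aws:sourceorgpaths"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _is_wildcard_principal(principal):
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return principal == "*"

def review_org_conditions(policy_json):
    """Return one finding per statement whose Condition uses an organization key."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for index, stmt in enumerate(statements):
        org_keys, other_keys = [], []
        for keys in stmt.get("Condition", {}).values():
            for key in keys:  # condition key names are case-insensitive
                (org_keys if key.lower() in ORG_KEYS else other_keys).append(key)
        if not org_keys:
            continue
        # Sole guard: an Allow for any principal that nothing else narrows, so
        # deleting the Condition would open the resource to any principal.
        sole_guard = (stmt.get("Effect") == "Allow" and not other_keys
                      and _is_wildcard_principal(stmt.get("Principal")))
        findings.append({"sid": stmt.get("Sid", f"statement-{index}"),
                         "org_keys": sorted(org_keys),
                         "org_condition_is_sole_guard": sole_guard})
    return findings

# Constructed sample policy; bucket, account and organization IDs are placeholders.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "OrgWideRead", "Effect": "Allow", "Principal": "*",
     "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}},
    {"Sid": "PartnerWrite", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}},
    {"Sid": "TlsOnly", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
     "Resource": "arn:aws:s3:::example-bucket/*",
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]})
if __name__ == "__main__":
    for finding in review_org_conditions(SAMPLE_POLICY):
        print(finding)
```

A statement reported with org_condition_is_sole_guard set to True needs its Condition value updated for the destination organization rather than removed.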

Note

Dependencies outside the scope of this solution can impact the account migration between AWS Organizations (for example, quotas for AWS Organizations, resources shared by AWS RAM, and service-managed CloudFormation StackSets).

Deployment process overview

Important

This solution includes an option to send anonymized operational metrics to AWS. We use this data to better understand how customers use this solution and related services and products. AWS owns the data gathered through this survey. Data collection is subject to the AWS Privacy Notice.

To opt out of this feature, download the template, modify the CloudFormation mapping section, and then use the CloudFormation console to upload your updated template and deploy the solution. For more information, see the Anonymized data collection section of this guide.

Before you launch the solution, review the cost, architecture, security, and other considerations discussed in this guide. Follow the step-by-step instructions in this section to configure and deploy the solution into your account.

Time to deploy: Approximately 30-45 minutes

Step 1: Launch the Hub stack

  • Launch the AWS CloudFormation template in your Hub account.

  • Enter values for the required parameters.

  • Review the other template parameters and adjust, if necessary.

Step 2: Launch the Spoke stack

  • Launch the AWS CloudFormation template in your Spoke account.

  • Enter values for the required parameters.

  • Review the other template parameters and adjust, if necessary.

Step 3: Launch the Org-Management stack

  • Launch the AWS CloudFormation template in your Organizations management account.

  • Enter values for the required parameters.

  • Review the other template parameters and adjust, if necessary.