This repository has been archived by the owner on Oct 23, 2020. It is now read-only.

AWS SAM project to provide a Control Tower API


smoketurner/sam-controltower-api


AWS SAM Control Tower API

AWS SAM project to provide a Control Tower API that exposes an HTTPS endpoint for creating new AWS accounts.

  • POST /v1/accounts - create a new AWS account
  • GET /v1/accounts/{accountName} - return the status of a previous account creation request

When creating a new account, you can also provide a callback URL to be notified when the account creation has completed.

Features

After a new account has been successfully created, this application performs the following actions on the new account:

  1. Deletes the default VPC in all of the regions
  2. Blocks S3 public access on the account
  3. Adds a CloudWatch Logs resource policy for Route53 query logging
  4. Enrolls the new account in Security Hub under the admin account
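
As an added illustration of step 3 (this is not code from this repository), the sketch below builds a least-privilege CloudWatch Logs resource policy for Route53 query logging and audits a policy document for grants beyond what query logging needs. The function names, the `/aws/route53/` log group prefix and the account IDs are assumptions made for the example.

```python
import json

QUERY_LOG_REGION = "us-east-1"        # public-zone query logs are delivered only here
LOG_GROUP_PREFIX = "/aws/route53/"    # conventional prefix; an assumption for this example
ROUTE53_PRINCIPAL = "route53.amazonaws.com"
ALLOWED_ACTIONS = {"logs:CreateLogStream", "logs:PutLogEvents"}


def _resource_prefix(account_id):
    return f"arn:aws:logs:{QUERY_LOG_REGION}:{account_id}:log-group:{LOG_GROUP_PREFIX}"


def route53_query_log_policy(account_id):
    """Build the resource policy document for one account."""
    if not (account_id.isdigit() and len(account_id) == 12):
        raise ValueError("account_id must be a 12-digit AWS account ID")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "Route53QueryLogging",
            "Effect": "Allow",
            "Principal": {"Service": ROUTE53_PRINCIPAL},
            "Action": sorted(ALLOWED_ACTIONS),
            "Resource": _resource_prefix(account_id) + "*",
        }],
    }


def _as_list(value):
    return [value] if isinstance(value, str) else list(value)


def audit_policy(policy, account_id):
    """Return findings for Allow statements that grant more than query logging needs."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        if stmt.get("Principal") != {"Service": ROUTE53_PRINCIPAL}:
            findings.append(f"{sid}: principal not limited to {ROUTE53_PRINCIPAL}")
        extra = set(_as_list(stmt.get("Action", []))) - ALLOWED_ACTIONS
        if extra:
            findings.append(f"{sid}: unexpected actions {sorted(extra)}")
        for res in _as_list(stmt.get("Resource", [])):
            if not res.startswith(_resource_prefix(account_id)):
                findings.append(f"{sid}: resource outside {LOG_GROUP_PREFIX}: {res}")
    return findings


if __name__ == "__main__":
    # Constructed account ID; the JSON string is what logs put_resource_policy accepts.
    print(json.dumps(route53_query_log_policy("123456789012"), indent=2))
```

Running `audit_policy` against the policy currently attached in a new account gives a quick check that the resource policy has not drifted to a wildcard principal, extra actions, or another account's log groups.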

Installation

This project should be installed in your AWS root account where you have already created a Control Tower landing zone (see the Getting Started with AWS Control Tower guide for more information).

make setup
make build
make deploy
