Update Existing Control Tower Landing Zone to Landing Zone 3 | Amazon Web Services
Aug 16, 2023
Update Existing Control Tower Landing Zone to Landing Zone 3 | Amazon Web Services
In this video, you’ll learn about updating to AWS Control Tower landing zone version 3.0. With this version, you can enable organization-level AWS CloudTrail trails, utilize expanded Region deny guardrail features, and reduce the amount of AWS Config resources needed.https://go.aws/3bDonmc http://bit.ly/2O3zS75 http://bit.ly/316g9t4
Content
0.052 -> In this video, you’ll learn about updating to
AWS Control Tower landing zone version 3.0.
5.835 -> With this version, you can enable
organization-level AWS CloudTrail trails,
9.918 -> utilize expanded Region
deny guardrail features,
12.827 -> and reduce the amount of
AWS Config resources needed.
17.995 -> From the AWS Control Tower dashboard,
let’s start by opening the Landing zone settings.
24.278 -> We’ll select version number
3.0 and initiate the update.
30.631 -> The first step-to update
Region settings-is optional.
34.338 -> Let’s move on to step 2.
39.237 -> The version 3.0 update introduces an
optional configuration that reorganizes
42.956 -> your organization’s AWS CloudTrail trails from
account-based into organization-based trails.
49.228 -> If you enable this configuration, AWS
Control Tower creates an organization-
53.313 -> level CloudTrail trail and aggregates logs
into your organization’s existing Amazon
57.773 -> Simple Storage Service (Amazon S3)
bucket associated with Control Tower.
63.293 -> Enabling this feature will replace any account-
level trails provisioned by AWS Control Tower;
68.078 -> however, you are responsible for
eliminating any other account-level trails
71.704 -> and re-establishing the file paths for
third-party logging tools if necessary.
76.568 -> Let’s confirm the
acknowledgement and proceed.
81.238 -> Here, we can review our choices and
then choose to update our landing zone.
85.425 -> For now, let’s return to the previous page.
89.342 -> If you opt out of organization-level
CloudTrail trails, AWS Control Tower will
93.729 -> stop managing your AWS CloudTrail trails.
98.344 -> Control Tower will delete your
account-level trails, although logging
101.319 -> data already in the specified
Amazon S3 bucket will stay intact.
105.774 -> Also, Control Tower will
not create any new trails,
108.623 -> though your organization can
create and manage trails on its own.
112.259 -> To proceed, we must
acknowledge these terms.
115.955 -> We must also enter text stating
that we want to STOP ALL TRAILS.
120.509 -> Let’s confirm and move on.
124.888 -> Now we’ll review our selections
and update the landing zone.
131.748 -> Landing zone version 3.0 also expands
the AWS Control Tower Region deny
135.994 -> guardrail to include additional AWS
Chatbot, Amazon S3 Storage Lens,
140.694 -> and Amazon S3 Multi-Region Access Points APIs.
144.542 -> The Region deny guardrail assists you
in limiting access to AWS services and
148.386 -> operations for enrolled accounts
in your Control Tower environment.
152.238 -> This helps ensure that any customer
data you upload to AWS services
155.851 -> is located only in the AWS
Regions that you specify.
160.385 -> Further, landing zone 3.0 now records
global resources in home Regions only.
165.921 -> This configuration creates cost savings
by reducing the number of configuration
169.579 -> items created when global resources
are created, modified, or deleted.
174.769 -> You’ve just learned about updating to AWS
Control Tower Landing Zone version 3.0.
180 -> You can learn more about this topic in
the description and links for this video.
183.212 -> Thanks for watching. Now it's your turn to try.
Source: https://www.youtube.com/watch?v=zf-dJ6_joTw
