AWS Architecture Blog

Category: Management & Governance

Figure 1 - Architecture showing how AWS services are used to automatically remove the AWS SSO permission sets and mappings when you upgrade your AWS Control Tower environment

Field Notes: Clear Unused AWS SSO Mappings Automatically During AWS Control Tower Upgrades

Increasingly organizations are using AWS Control Tower to manage their multiple accounts as well as an external third-party identity source for their federation needs. Cloud architects who use these external identity sources, needed an automated way to clear the unused maps created by AWS Control Tower landing zone as part of the launch, or during […]

Field Notes: Extending the Baseline in AWS Control Tower to Accelerate the Transition from AWS Landing Zone

Caution: The solution covered in this blog post works on AWS Landing Zone 2.4.5 and lower, and AWS Control Tower 2.9 and lower. To use it in higher versions, you need to use a separate IAM password policy template for IamPasswordPolicy baseline and change the deployment target to a management account for the EnableNotifications baseline […]

Newer posts →

AWS Architecture Blog

Category: Management & Governance

Field Notes: Clear Unused AWS SSO Mappings Automatically During AWS Control Tower Upgrades

Field Notes: Extending the Baseline in AWS Control Tower to Accelerate the Transition from AWS Landing Zone

Learn

Resources

Developers

Help