Automating AWS Control Tower Landing Zone with Terraform

Question

Hello, AWS community,

I am currently exploring options for automating the creation of AWS Control Tower landing zones.

Has there been any recent development or release of Terraform providers or modules for AWS Control Tower, allowing for the automation of landing zone setup?

If Terraform support is not available, are there any recommended best practices or alternative approaches for automating the creation of AWS Control Tower landing zones using Terraform or other tools?

I appreciate any insights, experiences, or updates the community can provide on this topic.

Thank you!
Sameed

Accepted Answer

Coming back to this question. At Re:Invent 2023 new APIs were announced for Control Tower where you can automate the setup of a Control Tower Landing Zone.

However I have not seen updates from Terraform for those new APIs to be called via Terraform resources.

Answer

Hi,

Currently it is not possible to automate the setup of a Control Tower Landing Zone as APIs for those functions are not available. It is possible to use Terraform for the enablement/disablement of controls once Control Tower is deployed however.  Using this Terraform resource [https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/controltower_control](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/controltower_control).

Once Control Tower is deployed, we do have a solution [Account Factory for Terraform](https://docs.aws.amazon.com/controltower/latest/userguide/aft-getting-started.html), that allows you to use Terraform to create and manage your AWS Accounts.

Also note that our annual conference Re:Invent is soon, and we often announce new features and services. There is likely to be some updates for Control Tower there.

Automating AWS Control Tower Landing Zone with Terraform

Relevant content