Since you've added so much to this blueprint it's now kind of monolithic. I'm suggesting to decouple the infrastructure components (along with the docs) from the actual blueprint. Here's a user story to describe why:
My company started with a single AWS account. When Control Tower launched we implemented it using AWS SSO and the initial account became our master. The multi-account model enabled by Control Tower and Organizations is so powerful that we plan to create separate research accounts for our different departments, projects and fellowships.
We've chosen to stick with AWS SSO for now and don't want the AD pieces. If and when we do switch to AD, we'll want to connect to our existing installation. It turns out that BB 2.0 works just fine with AWS SSO - though to be clear, the AD instance is running and still used for VPN admin auth.
The TGW account is a revelation! But it only needs to be set up once while the BB needs to be implemented in each research account. We'd love it if the BB code could be run as a separate module, adding associations, routes, etc. to the existing TGW auto-magically.
Actually, my multi-research account user story presents an interesting issue.
Accounts created via Control Tower have VPCs that are assigned identical CIDR ranges (source). So BB would have to create a new VPC (which it does) but expose the CIDR as a parameter (which it doesn't) in order to be routable via TGW.
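The overlap problem raised in the comment above can be checked before a VPC is attached to the shared TGW. This is an added example, not part of the thread or the blueprint's code; the account names, CIDR values and address pool are constructed for illustration, and the function names are hypothetical.

```python
import ipaddress
from itertools import combinations

# Constructed sample data: two research accounts with identical VPC ranges,
# plus one shared account already attached to the transit gateway.
ATTACHED_VPCS = {
    "research-a": "172.31.0.0/16",
    "research-b": "172.31.0.0/16",
    "shared-services": "10.0.0.0/16",
}


def find_overlaps(vpcs):
    """Return sorted pairs of account names whose VPC CIDRs overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in vpcs.items()}
    return sorted(
        (a, b)
        for a, b in combinations(sorted(nets), 2)
        if nets[a].overlaps(nets[b])
    )


def allocate_cidr(pool, prefixlen, in_use):
    """Return the first subnet of `pool` that overlaps nothing in `in_use`."""
    used = [ipaddress.ip_network(c) for c in in_use]
    for candidate in ipaddress.ip_network(pool).subnets(new_prefix=prefixlen):
        if not any(candidate.overlaps(u) for u in used):
            return str(candidate)
    raise ValueError(f"no free /{prefixlen} left in {pool}")


def plan_accounts(new_accounts, pool, prefixlen, in_use):
    """Assign each new account a CIDR that is unique across the whole TGW."""
    taken = list(in_use)
    plan = {}
    for name in new_accounts:
        plan[name] = allocate_cidr(pool, prefixlen, taken)
        taken.append(plan[name])  # reserve it before planning the next account
    return plan


if __name__ == "__main__":
    print("overlapping:", find_overlaps(ATTACHED_VPCS))
    print("plan:", plan_accounts(["research-c", "research-d"], "10.0.0.0/8",
                                 16, ATTACHED_VPCS.values()))
```

The planned value is what a per-account deployment would pass in if the VPC CIDR were exposed as a parameter, as the comment suggests.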
Hey Paul, really awesome work!