Overview
- Four methods for account provisioning in Control Tower:
  - Two console-based: Account Factory; enroll account
  - Two automated: Automated account provisioning with IAM roles (e.g. with Lambda); Account Factory for Terraform
- Steps:
  - Initiate request, e.g. Account Factory calls Service Catalog
  - Service Catalog calls Control Tower
  - Control Tower workflow—calls AWS Organizations CreateAccount API
  - Control Tower applies blueprints and Controls
  - Service Catalog polls Control Tower for progress
  - When complete—Service Catalog finalizes state and informs requester of result
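
The requester's side of the steps above, for the automated (IAM role / Lambda) method, as an added example that is not part of the original notes: it submits the Account Factory request to Service Catalog and polls the record until Service Catalog reports the final state. The product and artifact IDs are placeholders, `StubCatalog` is a constructed stand-in so the flow runs offline, and in real use `sc` would be `boto3.client("servicecatalog")` under a role allowed to provision the Account Factory product.

```python
import time

# Parameter keys of the Account Factory product in Service Catalog.
REQUIRED = ("AccountEmail", "AccountName", "ManagedOrganizationalUnit",
            "SSOUserEmail", "SSOUserFirstName", "SSOUserLastName")
TERMINAL = {"SUCCEEDED", "FAILED"}


def provision_account(sc, product_id, artifact_id, name, params,
                      poll_seconds=30, max_polls=120, sleep=time.sleep):
    """Request an account via Account Factory and wait for the final record.

    sc: boto3 "servicecatalog" client, or a stand-in with the same two methods.
    """
    missing = [k for k in REQUIRED if not params.get(k)]
    if missing:
        raise ValueError(f"missing Account Factory parameters: {missing}")
    # Initiate the request; Service Catalog hands it to Control Tower.
    record = sc.provision_product(
        ProductId=product_id, ProvisioningArtifactId=artifact_id,
        ProvisionedProductName=name,
        ProvisioningParameters=[{"Key": k, "Value": params[k]} for k in REQUIRED],
    )["RecordDetail"]
    # Account creation, blueprints and controls run inside AWS; the requester
    # only sees the record status that Service Catalog reports.
    for _ in range(max_polls):
        if record["Status"] in TERMINAL:
            return record
        sleep(poll_seconds)
        record = sc.describe_record(Id=record["RecordId"])["RecordDetail"]
    raise TimeoutError(f"record {record['RecordId']} still {record['Status']}")


class StubCatalog:
    """Constructed stand-in for the client so the flow runs offline."""
    def __init__(self, statuses):
        self.statuses, self.request = list(statuses), None

    def provision_product(self, **kwargs):
        self.request = kwargs
        return {"RecordDetail": {"RecordId": "rec-example", "Status": "CREATED"}}

    def describe_record(self, Id):
        return {"RecordDetail": {"RecordId": Id, "Status": self.statuses.pop(0)}}


if __name__ == "__main__":
    demo = {k: "example" for k in REQUIRED}  # constructed values
    stub = StubCatalog(["IN_PROGRESS", "IN_PROGRESS", "SUCCEEDED"])
    print(provision_account(stub, "prod-EXAMPLE", "pa-EXAMPLE", "demo-account",
                            demo, sleep=lambda s: None)["Status"])
```

A `FAILED` record is returned rather than raised, so the caller decides how to report the result back to whoever requested the account.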