AWS Platform Guide
Provision Platform Resources
This is an advanced topic for platform engineers.
On AWS, thoughtbot uses Control Tower to implement security best practices and reliable workload isolation. This provides a quick starting point for a multi-account setup while still allowing for significant customization and expansion later.
Rather than managing individual IAM users, Control Tower makes it easy to use AWS SSO to manage users centrally and integrate with existing identity stores like a Google or Microsoft user directory.
We use Customizations for Control Tower to configure account baselines and deploy service control policies.
We use a standardized account infrastructure to structure organizations.
The guide for building and maintaining production-grade Kubernetes clusters with built-in support for SRE best practices.
Source available on GitHub.