Get a practical introductory guide to the AWS Control Tower Account Factory for Terraform (AFT) and how it can bring GitOps automation to a multi-account AWS architecture.
Initially the multi-account vending system for AWS was called Landing Zones. Eventually Landing Zones got rebranded and restructured as AWS Control Tower. It's an opinionated way for provisioning your AWS accounts with management tools like dashboards.
There are no public API endpoints for AWS Control Tower, so the only ways to automate provisioning are:
Manual provisioning - ClickOps
Customizations for AWS Control Tower (CfCT) - which uses CloudFormation
Target underlying AWS services that do have a Terraform provider or use a provider like idealo/controltower that does that for you
AWS Control Tower Account Factory for Terraform (AFT)
This code and architecture example walkthrough from The Scale Factory's Marko Bevc is a great consultancy-perspective introduction to AFT and the advantages it has:
GitOps driven workflow
Fully into both AWS and Terraform ecosystems with support
Security built-in and aligned with Well-Architected Framework practices