Adding a new AWS Account to a Landing Zone

Neal Sebastian
2 min read · Dec 31, 2022

This article is part of my Landing Zone series. View the first part here: AWS Control Tower: Beginning of the Adventure.

There are 2 ways to create an account and have it enrolled in your Landing Zone. You can go to Control Tower > Account Factory, then press the Create account button.

Or, you can go to Service Catalog > Products. Select the AWS Control Tower Account Factory; then press the Launch product button.

In any case, you will need to supply at least the following:

  • Account email: This will be the email address of the root user for the new AWS account. As best practice, don’t use the same email address as the root user of your Landing Zone account. If you use Gmail and don’t want to create a new email for every new AWS account, you can create “alias” emails by adding +<account name> to your Gmail username. If your email is buff@gmail.com, and you want to name your AWS account foo, you can use the following email address: buff+foo@gmail.com. Any email sent to buff+foo@gmail.com will be received by buff@gmail.com. Make sure you have access to this email, as you will need it in case you want to close the account.
  • Display name (Provisioned product name for Service Catalog): This is the name of the AWS account.
  • IAM Identity Center user email (SSOUserEmail for Service Catalog): The initial AWS IAM Identity Center (formerly AWS SSO) user with administrator access to the account. If you supply the email of an existing user, that user will be granted access; otherwise, a new user will be created.
  • Organizational Unit (ManagedOrganizationalUnit for Service Catalog): The OU under which the new AWS account will be placed.
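
The Service Catalog launch described above, as an added example that is not code from the post: it builds a plus-addressed root email, refuses to reuse the Landing Zone root email, assembles the Account Factory parameters (SSOUserEmail and ManagedOrganizationalUnit are the names from the list above; AccountEmail, AccountName, SSOUserFirstName and SSOUserLastName are the product's remaining parameters) and calls provision-product. The product name, the OU name "Sandbox", the sample emails and the assumption that the last listed provisioning artifact is the current version are mine.

```shell
#!/bin/sh
# Added example (not from the post): launch the Account Factory product from the CLI.
# Assumptions: Control Tower admin credentials in the management account, a Service
# Catalog product named "AWS Control Tower Account Factory", and an existing OU name.
set -eu

# Plus-addressed root email, as in the post: buff@gmail.com + foo -> buff+foo@gmail.com
account_email() {
  base="$1"; name="$2"
  printf '%s+%s@%s\n' "${base%@*}" "$name" "${base#*@}"
}

# Best practice from the post: the new account's root email must differ from the
# Landing Zone (management) account's root email. Returns non-zero on reuse.
check_not_management_root() {
  [ "$1" != "$2" ]
}

# Assemble the --provisioning-parameters document for the Account Factory product.
provisioning_parameters() {
  email="$1"; name="$2"; sso_email="$3"; first="$4"; last="$5"; ou="$6"
  printf '[{"Key":"AccountEmail","Value":"%s"},{"Key":"AccountName","Value":"%s"},' "$email" "$name"
  printf '{"Key":"SSOUserEmail","Value":"%s"},{"Key":"SSOUserFirstName","Value":"%s"},' "$sso_email" "$first"
  printf '{"Key":"SSOUserLastName","Value":"%s"},{"Key":"ManagedOrganizationalUnit","Value":"%s"}]\n' "$last" "$ou"
}

# Equivalent of Service Catalog > Products > Launch product.
launch_account() {
  email="$1"; name="$2"; sso_email="$3"; first="$4"; last="$5"; ou="$6"
  product="AWS Control Tower Account Factory"
  product_id=$(aws servicecatalog describe-product --name "$product" \
      --query 'ProductViewSummary.ProductId' --output text)
  # Assumption: the last listed provisioning artifact is the current product version.
  artifact_id=$(aws servicecatalog describe-product --name "$product" \
      --query 'ProvisioningArtifacts[-1].Id' --output text)
  aws servicecatalog provision-product \
      --product-id "$product_id" --provisioning-artifact-id "$artifact_id" \
      --provisioned-product-name "$name" \
      --provisioning-parameters "$(provisioning_parameters "$email" "$name" "$sso_email" "$first" "$last" "$ou")"
}

# Only talks to AWS when RUN_ACCOUNT_FACTORY=1, so the functions can be sourced offline.
if [ "${RUN_ACCOUNT_FACTORY:-0}" = 1 ]; then
  mgmt_root="buff@gmail.com"   # constructed: Landing Zone root email
  new_email=$(account_email "$mgmt_root" foo)
  check_not_management_root "$new_email" "$mgmt_root"
  launch_account "$new_email" foo admin@example.com Jane Doe Sandbox
fi
```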

After a few minutes, you will receive emails at the Account email address regarding the new account. If you created a new Identity Center user, you will also receive an email regarding that new user.

At this point, you can go ahead and log in to your new AWS account via the AWS access portal URL using the IAM Identity Center user email.

Optional: set up a password for the Account email

To set up a password, log in to the AWS account using the Account email. Don’t use the AWS access portal URL. Instead, log in as the root user here: https://console.aws.amazon.com/.

Enter the Account email you provided earlier. At the next screen, click Forgot password?. After solving the captcha, you will receive an email from AWS with a link to reset the password, which in our case means setting a new password for your AWS account.
