[Request]: Integrate with Control Tower

[astuyve]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Tell us about your request AWS's own best practice is to isolate each service + environment in separate accounts. So if I had workload a and workload b deployed to a dev environment and production environment, I'd need 4 accounts for each service instance.

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard? I'd like to use Proton to integrate with Control Tower, so my developers can easily provision their own service instances in isolated AWS accounts, following best practice. It's hard because Proton does not seem to integrate with Control Tower, or other programmatic ways to provision AWS accounts.

Are you currently working around this issue? My (previous) team has has to build this feature using the aws-sdk and lambda.

[rafavallina]

Hi @astuyve Thanks for this request and apologies for taking so long to get one it as I was out.

Yes, this is something we need to work on. Our first step was to deliver the capacity to create environments across account, which we shipped with GA, and now we are taking steps to enable this kind of programmatic access. Next up in the queue is creating CloudFormation resources for cross-account connections, so that you can use StackSets to automatically establish the connection as more accounts get created.

This said, eventually we do want to integrate with Control Tower so there are fewer steps between account creation and environment being ready, so I'll add this to the roadmap

[grumpper]

so how is that integration going on 3 years later?