# Lab: Deploying AWS Control Tower via Terraform {% hint style="success" %} ## Already Know Terraform? If you're already familiar with Terraform, feel free to hop over to the [AWS Security Cookbook by Tyler GitHub repository](https://github.com/Ty182/AWS-Security-Cookbook-by-Tyler/tree/main) to grab and deploy the code. Otherwise, stick around and we'll walk through it together! {% endhint %} ## Overview The Terraform code for this module has been left in a simplified state (i.e., not using modules, loops, or other advanced Terraform features) to be more easily accessible. You can customize it further to meet your specific requirements. The Terraform resources for setting up an AWS Control Tower landing zone are fairly new and not as feature-rich as what's available in the AWS Management Console. There will be some steps you'll need to perform in the console after deploying your Landing Zone e.g., registering any pre-existing Organizational Units and defining guardrails like region restrictions. Deploying the Landing Zone does take close to an hour, so be prepared to wait for the resources to be created. Additionally, making changes to the Landing Zone configuration after deployment or enabling more features will take time to update. The progress can be monitored in the AWS Management Console under the AWS Control Tower service. ## Deployment {% hint style="danger" %} ## Cost Alert Enabling AWS Control Tower will incur costs so please review the pricing page for more information * ; {% endhint %} {% code overflow="wrap" %} ```bash # clone the AWS Security Cookbook repository git clone https://github.com/Ty182/AWS-Security-Cookbook-by-Tyler # navigate to AWS Control Tower directory cd AWS_Cookbook_by_Tyler/recipes/aws_controltower/code # initialize the directory and download the required terraform providers terraform init # check formatting and validate the syntax is correct terraform fmt && terraform validate # check the resources that will be created terraform plan # deploy the resources terraform apply ``` {% endcode %} * The deployment will take \~1 hour to complete. Grab some coffee!

Waiting for Control Tower to deploy

* Once complete, head to the AWS Control Tower Dashboard and check it out!

AWS Control Tower Dashboard

## Cleanup {% hint style="danger" %} ## Clean up the resources Avoid unnecessary costs by deleting the created resources `terraform destroy` {% endhint %} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://www.techwithtyler.dev/academy/aws-security-cookbook-by-tyler/aws-control-tower/lab-deploying-aws-control-tower-via-terraform.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.