To protect AWS resources in multi-account environments with the Commvault software, Commvault recommends using AWS Control Tower for governing accounts and using Account Factory, including Account Factory Customization (AFC), for creating and managing accounts. After setting up your multi-account landing zone in AWS Control Tower, perform all account provisioning and management from the AWS Control Tower Management Console, SDK, or AWS CLI—not from the AWS Organizations console.
Related Information
-
Best practices for AWS Control Tower administrators in the AWS documentation
-
Automate account customization using Account Factory Customization in AWS Control Tower in AWS Cloud Operations & Migrations Blog