Builds Organizational Units Tree

Creates (or imports) Security Account

Creates (or imports) Networking Account

Creates (or imports) Shared Services Account

Creates (or imports) Log-Archive Account

Creates AWS Single Sign-On (AWS SSO) Permission Sets for Administrators, PowerUsers, Billing, Service Catalog and Networking Users

Delegates Services Administration (Amazon Macie, AWS Systems Manager, AWS IAM Access Analyzer, Amazon S3 Storage Lens) to the Security Account

Centralizes AWS Systems Manager Explorer Ops Aggregator in the Security Account

SQL License Tracker

Enables Patch Management Window based on a tag and cron schedule for all Amazon Elastic Compute Cloud (Amazon EC2) Instances in your Organization

Enables Service Quota management. It creates 100+ Amazon CloudWatch alarms and fires a quota request when a service is reaching a particular threshold



AWS Budgets created in all accounts with a desired budget per month and notifications if there is a chance of going above the budget set

Savings Plans Notifications at 7 and 1 days before expiration date

Cost and Usage Reports


General Networking

Creates a secure Amazon Virtual Private Cloud (Amazon VPC) for Shared Services Account

Creates a secure Amazon Virtual Private Cloud (Amazon VPC) for Networking Account

Builds a AWS Transit Gateway Orchestrator in the Networking Account

Creates a Global Network resource in the Networking Account


Logging Aggregation