


# Resources created in the shared accounts
<a name="shared-account-resources"></a>

This section shows the resources that AWS Control Tower creates in the shared accounts when you set up your landing zone.

For information about member account resources, see [Resource Considerations for Account Factory](account-factory-considerations.md).

## Management account resources
<a name="mgmt-account-resouces"></a>

When you set up your landing zone, the following AWS resources are created within your management account.


| AWS service | Resource type | Resource name | 
| --- | --- | --- | 
| AWS Organizations | Accounts | audit<br>log archive | 
| AWS Organizations | OUs | Security<br>Sandbox | 
| AWS Organizations | Service control policies | aws-guardrails-\* | 
| AWS CloudFormation | Stacks | AWSControlTowerBP-BASELINE-CLOUDTRAIL-MASTER<br>AWSControlTowerBP-BASELINE-CONFIG-MASTER (in version 2.6 and later) | 
| AWS CloudFormation | StackSets | AWSControlTowerBP-BASELINE-CLOUDTRAIL (Not deployed in 3.0 and later)<br>AWSControlTowerBP\_BASELINE\_SERVICE\_LINKED\_ROLE (Deployed in 3.2 and later)<br>AWSControlTowerBP-BASELINE-CLOUDWATCH<br>AWSControlTowerBP-BASELINE-CONFIG<br>AWSControlTowerBP-BASELINE-ROLES<br>AWSControlTowerBP-BASELINE-SERVICE-ROLES<br>AWSControlTowerBP-SECURITY-TOPICS<br>AWSControlTowerGuardrailAWS-GR-AUDIT-BUCKET-PUBLIC-READ-PROHIBITED<br>AWSControlTowerGuardrailAWS-GR-AUDIT-BUCKET-PUBLIC-WRITE-PROHIBITED<br>AWSControlTowerLoggingResources<br>AWSControlTowerSecurityResources<br>AWSControlTowerExecutionRole | 
| AWS Service Catalog | Product | AWS Control Tower Account Factory | 
| AWS Config | Aggregator | aws-controltower-ConfigAggregatorForOrganizations | 
| AWS CloudTrail | Trail | aws-controltower-BaselineCloudTrail | 
| Amazon CloudWatch | CloudWatch Logs | aws-controltower/CloudTrailLogs | 
| AWS Identity and Access Management | Roles | AWSControlTowerAdmin<br>AWSControlTowerStackSetRole<br>AWSControlTowerCloudTrailRolePolicy | 
| AWS Identity and Access Management | Policies | AWSControlTowerServiceRolePolicy<br>AWSControlTowerAdminPolicy<br>AWSControlTowerCloudTrailRolePolicy<br>AWSControlTowerStackSetRolePolicy | 
| AWS IAM Identity Center | Directory groups | AWSAccountFactory<br>AWSAuditAccountAdmins<br>AWSControlTowerAdmins<br>AWSLogArchiveAdmins<br>AWSLogArchiveViewers<br>AWSSecurityAuditors<br>AWSSecurityAuditPowerUsers<br>AWSServiceCatalogAdmins | 
| AWS IAM Identity Center | Permission sets | AWSAdministratorAccess<br>AWSPowerUserAccess<br>AWSServiceCatalogAdminFullAccess<br>AWSServiceCatalogEndUserAccess<br>AWSReadOnlyAccess<br>AWSOrganizationsFullAccess | 

**Note**  
The CloudFormation StackSet `BP_BASELINE_CLOUDTRAIL` is not deployed in landing zone versions 3.0 or later. However, it continues to exist in earlier versions of the landing zone until you update your landing zone.

## Log archive account resources
<a name="log-archive-resources"></a>

When you set up your landing zone, the following AWS resources are created within your log archive account.


| AWS service | Resource type | Resource name | 
| --- | --- | --- | 
| AWS CloudFormation | Stacks | StackSet-AWSControlTowerGuardrailAWS-GR-AUDIT-BUCKET-PUBLIC-READ-PROHIBITED-<br>StackSet-AWSControlTowerGuardrailAWS-GR-AUDIT-BUCKET-PUBLIC-WRITE-PROHIBITED<br>StackSet-AWSControlTowerBP-BASELINE-CLOUDWATCH-<br>StackSet-AWSControlTowerBP-BASELINE-CONFIG-<br>StackSet-AWSControlTowerBP-BASELINE-CLOUDTRAIL-<br>StackSet-AWSControlTowerBP-BASELINE-SERVICE-ROLES-<br>StackSet-AWSControlTowerBP-BASELINE-SERVICE-LINKED-ROLE- (In 3.2 and later)<br>StackSet-AWSControlTowerBP-BASELINE-ROLES-<br>StackSet-AWSControlTowerLoggingResources- | 
| AWS Config | AWS Config rules | AWSControlTower\_AWS-GR\_AUDIT\_BUCKET\_PUBLIC\_READ\_PROHIBITED<br>AWSControlTower\_AWS-GR\_AUDIT\_BUCKET\_PUBLIC\_WRITE\_PROHIBIT | 
| AWS CloudTrail | Trails | aws-controltower-BaselineCloudTrail | 
| Amazon CloudWatch | CloudWatch Event Rules | aws-controltower-ConfigComplianceChangeEventRule | 
| Amazon CloudWatch | CloudWatch Logs | /aws/lambda/aws-controltower-NotificationForwarder | 
| AWS Identity and Access Management | Roles | aws-controltower-AdministratorExecutionRole<br>aws-controltower-CloudWatchLogsRole<br>aws-controltower-ConfigRecorderRole<br>aws-controltower-ForwardSnsNotificationRole<br>aws-controltower-ReadOnlyExecutionRole<br>AWSControlTowerExecution | 
| AWS Identity and Access Management | Policies | AWSControlTowerServiceRolePolicy | 
| Amazon Simple Notification Service | Topics | aws-controltower-SecurityNotifications | 
| AWS Lambda | Applications | StackSet-AWSControlTowerBP-BASELINE-CLOUDWATCH-\* | 
| AWS Lambda | Functions | aws-controltower-NotificationForwarder | 
| Amazon Simple Storage Service | Buckets | aws-controltower-logs-\*<br>aws-controltower-s3-access-logs-\* | 

## Audit account resources
<a name="audit-account-resources"></a>

When you set up your landing zone, the following AWS resources are created within your audit account.


| AWS service | Resource type | Resource name | 
| --- | --- | --- | 
| AWS CloudFormation | Stacks | StackSet-AWSControlTowerGuardrailAWS-GR-AUDIT-BUCKET-PUBLIC-READ-PROHIBITED-<br>StackSet-AWSControlTowerGuardrailAWS-GR-AUDIT-BUCKET-PUBLIC-WRITE-PROHIBITED-<br>StackSet-AWSControlTowerBP-BASELINE-CLOUDWATCH-<br>StackSet-AWSControlTowerBP-BASELINE-CONFIG-<br>StackSet-AWSControlTowerBP-BASELINE-CLOUDTRAIL-<br>StackSet-AWSControlTowerBP-BASELINE-SERVICE-ROLES-<br>StackSet-AWSControlTowerBP-BASELINE-SERVICE-LINKED-ROLE- (In 3.2 and later)<br>StackSet-AWSControlTowerBP-SECURITY-TOPICS-<br>StackSet-AWSControlTowerBP-BASELINE-ROLES-<br>StackSet-AWSControlTowerSecurityResources-\* | 
| AWS Config | Aggregator | aws-controltower-GuardrailsComplianceAggregator | 
| AWS Config | AWS Config rules | AWSControlTower\_AWS-GR\_AUDIT\_BUCKET\_PUBLIC\_READ\_PROHIBITED<br>AWSControlTower\_AWS-GR\_AUDIT\_BUCKET\_PUBLIC\_WRITE\_PROHIBITED | 
| AWS CloudTrail | Trail | aws-controltower-BaselineCloudTrail | 
| Amazon CloudWatch | CloudWatch Event Rules | aws-controltower-ConfigComplianceChangeEventRule | 
| Amazon CloudWatch | CloudWatch Logs | /aws/lambda/aws-controltower-NotificationForwarder | 
| AWS Identity and Access Management | Roles | aws-controltower-AdministratorExecutionRole<br>aws-controltower-CloudWatchLogsRole<br>aws-controltower-ConfigRecorderRole<br>aws-controltower-ForwardSnsNotificationRole<br>aws-controltower-ReadOnlyExecutionRole<br>aws-controltower-AuditAdministratorRole<br>aws-controltower-AuditReadOnlyRole<br>AWSControlTowerExecution | 
| AWS Identity and Access Management | Policies | AWSControlTowerServiceRolePolicy | 
| Amazon Simple Notification Service | Topics | aws-controltower-AggregateSecurityNotifications<br>aws-controltower-AllConfigNotifications<br>aws-controltower-SecurityNotifications | 
| AWS Lambda | Functions | aws-controltower-NotificationForwarder | 