


# Resources created in the shared accounts
<a name="shared-account-resources"></a>

This section shows the resources that AWS Control Tower creates in the shared accounts when you set up your landing zone.

For information about member account resources, see [Resource considerations for Account Factory](account-factory-considerations.md).

## Management account resources
<a name="mgmt-account-resouces"></a>

When you set up your landing zone, the following AWS resources are created within your management account.


| AWS service | Resource type | Resource name | 
| --- | --- | --- | 
| AWS Organizations | Account | audit log archive | 
| AWS Organizations | OUs | Security Sandbox | 
| AWS Organizations | Service control policies | aws-guardrails-\* | 
| AWS CloudFormation | Stacks | AWSControlTowerBP-BASELINE-CLOUDTRAIL-MASTER AWSControlTowerBP-BASELINE-CONFIG-MASTER (in version 2.6 and later) | 
| AWS CloudFormation | StackSets | AWSControlTowerBP-BASELINE-CLOUDTRAIL (Not deployed in version 3.0 and later) AWSControlTowerBP_BASELINE_SERVICE_LINKED_ROLE (Deployed in 3.2 and later) AWSControlTowerBP-BASELINE-CLOUDWATCH AWSControlTowerBP-BASELINE-CONFIG AWSControlTowerBP-BASELINE-ROLES AWSControlTowerBP-BASELINE-SERVICE-ROLES AWSControlTowerBP-SECURITY-TOPICS AWSControlTowerGuardrailAWS-GR-AUDIT-BUCKET-PUBLIC-READ-PROHIBITED AWSControlTowerGuardrailAWS-GR-AUDIT-BUCKET-PUBLIC-WRITE-PROHIBITED AWSControlTowerLoggingResources AWSControlTowerSecurityResources AWSControlTowerExecutionRole | 
| AWS Service Catalog | Product | AWS Control Tower Account Factory | 
| AWS Config | Aggregator | aws-controltower-ConfigAggregatorForOrganizations | 
| AWS CloudTrail | Trail | aws-controltower-BaselineCloudTrail | 
| Amazon CloudWatch | CloudWatch Logs | aws-controltower/CloudTrailLogs | 
| AWS Identity and Access Management | Roles | AWSControlTowerAdmin AWSControlTowerStackSetRole AWSControlTowerCloudTrailRolePolicy | 
| AWS Identity and Access Management | Policies | AWSControlTowerServiceRolePolicy AWSControlTowerAdminPolicy AWSControlTowerCloudTrailRolePolicy AWSControlTowerStackSetRolePolicy | 
| AWS IAM Identity Center | Directory groups | AWSAccountFactory AWSAuditAccountAdmins AWSControlTowerAdmins AWSLogArchiveAdmins AWSLogArchiveViewers AWSSecurityAuditors AWSSecurityAuditPowerUsers AWSServiceCatalogAdmins | 
| AWS IAM Identity Center | Permission sets | AWSAdministratorAccess AWSPowerUserAccess AWSServiceCatalogAdminFullAccess AWSServiceCatalogEndUserAccess AWSReadOnlyAccess AWSOrganizationsFullAccess | 

**Note**  
The CloudFormation StackSet `BP_BASELINE_CLOUDTRAIL` is not used in landing zone versions 3.0 or later. However, it continues to exist in earlier versions of the landing zone, until you update your landing zone.

## Log archive account resources
<a name="log-archive-resources"></a>

When you set up your landing zone, the following AWS resources are created within your log archive account.


| AWS service | Resource type | Resource name | 
| --- | --- | --- | 
| AWS CloudFormation | Stacks | StackSet-AWSControlTowerGuardrailAWS-GR-AUDIT-BUCKET-PUBLIC-READ-PROHIBITED- StackSet-AWSControlTowerGuardrailAWS-GR-AUDIT-BUCKET-PUBLIC-WRITE-PROHIBITED StackSet-AWSControlTowerBP-BASELINE-CLOUDWATCH- StackSet-AWSControlTowerBP-BASELINE-CONFIG- StackSet-AWSControlTowerBP-BASELINE-CLOUDTRAIL- StackSet-AWSControlTowerBP-BASELINE-SERVICE-ROLES- StackSet-AWSControlTowerBP-BASELINE-SERVICE-LINKED-ROLE- (In 3.2 and later) StackSet-AWSControlTowerBP-BASELINE-ROLES- StackSet-AWSControlTowerLoggingResources- | 
| AWS Config | AWS Config Rules | AWSControlTower_AWS-GR_AUDIT_BUCKET_PUBLIC_READ_PROHIBITED AWSControlTower_AWS-GR_AUDIT_BUCKET_PUBLIC_WRITE_PROHIBIT | 
| AWS CloudTrail | Trail | aws-controltower-BaselineCloudTrail | 
| Amazon CloudWatch | CloudWatch Event Rules | aws-controltower-ConfigComplianceChangeEventRule | 
| Amazon CloudWatch | CloudWatch Logs | /aws/lambda/aws-controltower-NotificationForwarder | 
| AWS Identity and Access Management | Roles | aws-controltower-AdministratorExecutionRole aws-controltower-CloudWatchLogsRole aws-controltower-ConfigRecorderRole aws-controltower-ForwardSnsNotificationRole aws-controltower-ReadOnlyExecutionRole AWSControlTowerExecution | 
| AWS Identity and Access Management | Policies | AWSControlTowerServiceRolePolicy | 
| Amazon Simple Notification Service | Topics | aws-controltower-SecurityNotifications | 
| AWS Lambda | Applications | StackSet-AWSControlTowerBP-BASELINE-CLOUDWATCH-\* | 
| AWS Lambda | Functions | aws-controltower-NotificationForwarder | 
| Amazon Simple Storage Service | Buckets | aws-controltower-logs-\* aws-controltower-s3-access-logs-\* | 

## Audit account resources
<a name="audit-account-resources"></a>

When you set up your landing zone, the following AWS resources are created within your audit account.


| AWS service | Resource type | Resource name | 
| --- | --- | --- | 
| AWS CloudFormation | Stacks | StackSet-AWSControlTowerGuardrailAWS-GR-AUDIT-BUCKET-PUBLIC-READ-PROHIBITED- StackSet-AWSControlTowerGuardrailAWS-GR-AUDIT-BUCKET-PUBLIC-WRITE-PROHIBITED- StackSet-AWSControlTowerBP-BASELINE-CLOUDWATCH- StackSet-AWSControlTowerBP-BASELINE-CONFIG- StackSet-AWSControlTowerBP-BASELINE-CLOUDTRAIL- StackSet-AWSControlTowerBP-BASELINE-SERVICE-ROLES- StackSet-AWSControlTowerBP-BASELINE-SERVICE-LINKED-ROLE- (In 3.2 and later) StackSet-AWSControlTowerBP-SECURITY-TOPICS- StackSet-AWSControlTowerBP-BASELINE-ROLES- StackSet-AWSControlTowerSecurityResources-\* | 
| AWS Config | Aggregator | aws-controltower-GuardrailsComplianceAggregator | 
| AWS Config | AWS Config Rules | AWSControlTower_AWS-GR_AUDIT_BUCKET_PUBLIC_READ_PROHIBITED AWSControlTower_AWS-GR_AUDIT_BUCKET_PUBLIC_WRITE_PROHIBITED | 
| AWS CloudTrail | Trail | aws-controltower-BaselineCloudTrail | 
| Amazon CloudWatch | CloudWatch Event Rules | aws-controltower-ConfigComplianceChangeEventRule | 
| Amazon CloudWatch | CloudWatch Logs | /aws/lambda/aws-controltower-NotificationForwarder | 
| AWS Identity and Access Management | Roles | aws-controltower-AdministratorExecutionRole aws-controltower-CloudWatchLogsRole aws-controltower-ConfigRecorderRole aws-controltower-ForwardSnsNotificationRole aws-controltower-ReadOnlyExecutionRole aws-controltower-AuditAdministratorRole aws-controltower-AuditReadOnlyRole AWSControlTowerExecution | 
| AWS Identity and Access Management | Policies | AWSControlTowerServiceRolePolicy | 
| Amazon Simple Notification Service | Topics | aws-controltower-AggregateSecurityNotifications aws-controltower-AllConfigNotifications aws-controltower-SecurityNotifications | 
| AWS Lambda | Functions | aws-controltower-NotificationForwarder | 