本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。
# 登录区架构
landing zone 是一种 AWS 资源,它是通过架构创建的。每个 AWS Control Tower 登录区版本都有唯一的架构。
本参考部分发布了 AWS Control Tower 着陆区 3.1 及更高版本的架构,以帮助您选择兼容的版本。
**注意**
登录区版本 3.0 中存在一个关于*非必要访问日志记录*的已知问题。该问题已在登录区版本 3.1 中得到解决。有关这些更改的更多信息,请参阅 [AWS Control Tower 登录区版本 3.1](2023-all.md#lz-3-1)。
## 着陆区 4.0 架构
```
{
"type": "object",
"required": [],
"properties": {
"accessManagement": {
"$ref": "#/definitions/AccessManagement"
},
"backup": {
"$ref": "#/definitions/Backup"
},
"centralizedLogging": {
"$ref": "#/definitions/CentralizedLogging"
},
"governedRegions": {
"type": "array",
"items": {
"type": "string",
"maxLength": 24,
"minLength": 1,
"pattern": "^[a-z]{2}-[a-z\\-]*-[0-9]{1}$",
"additionalProperties": false
},
"additionalProperties": false
},
"securityRoles": {
"$ref": "#/definitions/SecurityRoles"
},
"config": {
"$ref": "#/definitions/Config"
}
},
"additionalProperties": false,
"definitions": {
"AccessManagement": {
"type": "object",
"required": [
"enabled"
],
"properties": {
"enabled": {
"type": "boolean",
"additionalProperties": false
}
},
"additionalProperties": false
},
"Backup": {
"type": "object",
"required": [
"enabled"
],
"properties": {
"configurations": {
"$ref": "#/definitions/BackupConfigurations"
},
"enabled": {
"type": "boolean",
"additionalProperties": false
}
},
"additionalProperties": false,
"if": {
"properties": {
"enabled": {
"const": true
}
}
},
"then": {
"required": [
"configurations"
]
}
},
"BackupAdminConfigurations": {
"type": "object",
"required": [
"accountId"
],
"properties": {
"accountId": {
"type": "string",
"maxLength": 12,
"minLength": 12,
"pattern": "^\\d{12}$",
"additionalProperties": false
}
},
"additionalProperties": false
},
"BackupConfigurations": {
"type": "object",
"required": [
"backupAdmin",
"centralBackup",
"kmsKeyArn"
],
"properties": {
"backupAdmin": {
"$ref": "#/definitions/BackupAdminConfigurations"
},
"centralBackup": {
"$ref": "#/definitions/CentralBackupConfigurations"
},
"kmsKeyArn": {
"type": "string",
"maxLength": 2048,
"minLength": 1,
"additionalProperties": false
}
},
"additionalProperties": false
},
"CentralBackupConfigurations": {
"type": "object",
"required": [
"accountId"
],
"properties": {
"accountId": {
"type": "string",
"maxLength": 12,
"minLength": 12,
"pattern": "^\\d{12}$",
"additionalProperties": false
}
},
"additionalProperties": false
},
"CentralizedLogging": {
"type": "object",
"required": [
"enabled"
],
"properties": {
"accountId": {
"type": "string",
"maxLength": 12,
"minLength": 12,
"pattern": "^\\d{12}$",
"additionalProperties": false
},
"configurations": {
"$ref": "#/definitions/LoggingConfigurations"
},
"enabled": {
"type": "boolean",
"additionalProperties": false
}
},
"additionalProperties": false,
"if": {
"properties": {
"enabled": {
"const": true
}
}
},
"then": {
"required": [
"accountId"
]
}
},
"LoggingConfigurations": {
"type": "object",
"properties": {
"accessLoggingBucket": {
"$ref": "#/definitions/S3BucketConfiguration"
},
"kmsKeyArn": {
"type": "string",
"maxLength": 2048,
"minLength": 1,
"additionalProperties": false
},
"loggingBucket": {
"$ref": "#/definitions/S3BucketConfiguration"
}
},
"additionalProperties": false
},
"S3BucketConfiguration": {
"type": "object",
"properties": {
"retentionDays": {
"type": "number",
"minimum": 1,
"additionalProperties": false
}
},
"additionalProperties": false
},
"SecurityRoles": {
"type": "object",
"required": [
"enabled"
],
"properties": {
"accountId": {
"type": "string",
"maxLength": 12,
"minLength": 12,
"pattern": "^\\d{12}$",
"additionalProperties": false
},
"enabled": {
"type": "boolean",
"additionalProperties": false
}
},
"additionalProperties": false,
"if": {
"properties": {
"enabled": {
"const": true
}
}
},
"then": {
"required": [
"accountId"
]
}
},
"Config": {
"type": "object",
"required": [
"enabled"
],
"properties": {
"accountId": {
"type": "string",
"maxLength": 12,
"minLength": 12,
"pattern": "^\\d{12}$",
"additionalProperties": false
},
"configurations": {
"$ref": "#/definitions/ConfigConfiguration"
},
"enabled": {
"type": "boolean",
"additionalProperties": false
}
},
"additionalProperties": false,
"if": {
"properties": {
"enabled": {
"const": true
}
}
},
"then": {
"required": [
"accountId"
]
}
},
"ConfigConfiguration": {
"type": "object",
"required": [],
"properties": {
"loggingBucket": {
"$ref": "#/definitions/S3BucketConfiguration"
},
"accessLoggingBucket": {
"$ref": "#/definitions/S3BucketConfiguration"
},
"kmsKeyArn": {
"type": "string",
"maxLength": 2048,
"minLength": 1,
"additionalProperties": false
}
}
}
}
}
```
## 登录区 3.3 架构
```
{
"type": "object",
"required": [
"centralizedLogging",
"organizationStructure",
"securityRoles"
],
"properties": {
"accessManagement": {
"$ref": "#/definitions/AccessManagement"
},
"backup": {
"$ref": "#/definitions/Backup"
},
"centralizedLogging": {
"$ref": "#/definitions/CentralizedLogging"
},
"governedRegions": {
"type": "array",
"items": {
"type": "string",
"maxLength": 24,
"minLength": 1,
"pattern": "^[a-z]{2}-[a-z\\-]*-[0-9]{1}$",
"additionalProperties": false
},
"additionalProperties": false
},
"organizationStructure": {
"$ref": "#/definitions/OrganizationStructure"
},
"securityRoles": {
"$ref": "#/definitions/SecurityRoles"
}
},
"additionalProperties": false,
"definitions": {
"AccessManagement": {
"type": "object",
"required": [
"enabled"
],
"properties": {
"enabled": {
"type": "boolean",
"additionalProperties": false,
"default": true
}
},
"additionalProperties": false
},
"Backup": {
"type": "object",
"properties": {
"configurations": {
"$ref": "#/definitions/BackupConfigurations"
},
"enabled": {
"type": "boolean",
"additionalProperties": false,
"default": false
}
},
"additionalProperties": false,
"if": {
"properties": {
"enabled": {
"const": true
}
}
},
"then": {
"required": [
"configurations"
]
}
},
"BackupAdminConfigurations": {
"type": "object",
"required": [
"accountId"
],
"properties": {
"accountId": {
"type": "string",
"maxLength": 12,
"minLength": 12,
"pattern": "^\\d{12}$",
"additionalProperties": false
}
},
"additionalProperties": false
},
"BackupConfigurations": {
"type": "object",
"required": [
"backupAdmin",
"centralBackup",
"kmsKeyArn"
],
"properties": {
"backupAdmin": {
"$ref": "#/definitions/BackupAdminConfigurations"
},
"centralBackup": {
"$ref": "#/definitions/CentralBackupConfigurations"
},
"kmsKeyArn": {
"type": "string",
"maxLength": 2048,
"minLength": 1,
"additionalProperties": false
}
},
"additionalProperties": false
},
"CentralBackupConfigurations": {
"type": "object",
"required": [
"accountId"
],
"properties": {
"accountId": {
"type": "string",
"maxLength": 12,
"minLength": 12,
"pattern": "^\\d{12}$",
"additionalProperties": false
}
},
"additionalProperties": false
},
"CentralizedLogging": {
"type": "object",
"required": [
"accountId"
],
"properties": {
"accountId": {
"type": "string",
"maxLength": 12,
"minLength": 12,
"pattern": "^\\d{12}$",
"additionalProperties": false
},
"configurations": {
"$ref": "#/definitions/LoggingConfigurations"
},
"enabled": {
"type": "boolean",
"additionalProperties": false,
"default": true
}
},
"additionalProperties": false
},
"LoggingConfigurations": {
"type": "object",
"properties": {
"accessLoggingBucket": {
"$ref": "#/definitions/S3BucketConfiguration"
},
"kmsKeyArn": {
"type": "string",
"maxLength": 2048,
"minLength": 1,
"additionalProperties": false
},
"loggingBucket": {
"$ref": "#/definitions/S3BucketConfiguration"
}
},
"additionalProperties": false
},
"OrganizationalUnit": {
"type": "object",
"required": [
"name"
],
"properties": {
"name": {
"type": "string",
"maxLength": 120,
"minLength": 1,
"pattern": "^[\\s\\S]*$",
"additionalProperties": false
}
},
"additionalProperties": false
},
"OrganizationStructure": {
"type": "object",
"required": [
"security"
],
"properties": {
"sandbox": {
"$ref": "#/definitions/OrganizationalUnit"
},
"security": {
"$ref": "#/definitions/OrganizationalUnit"
}
},
"additionalProperties": false
},
"S3BucketConfiguration": {
"type": "object",
"properties": {
"retentionDays": {
"type": "number",
"minimum": 1,
"additionalProperties": false
}
},
"additionalProperties": false
},
"SecurityRoles": {
"type": "object",
"required": [
"accountId"
],
"properties": {
"accountId": {
"type": "string",
"maxLength": 12,
"minLength": 12,
"pattern": "^\\d{12}$",
"additionalProperties": false
}
},
"additionalProperties": false
}
}
}
```
## 登录区 3.2 架构
```
{
"type": "object",
"required": [
"centralizedLogging",
"organizationStructure",
"securityRoles"
],
"properties": {
"accessManagement": {
"$ref": "#/definitions/AccessManagement"
},
"backup": {
"$ref": "#/definitions/Backup"
},
"centralizedLogging": {
"$ref": "#/definitions/CentralizedLogging"
},
"governedRegions": {
"type": "array",
"items": {
"type": "string",
"maxLength": 24,
"minLength": 1,
"pattern": "^[a-z]{2}-[a-z\\-]*-[0-9]{1}$",
"additionalProperties": false
},
"additionalProperties": false
},
"organizationStructure": {
"$ref": "#/definitions/OrganizationStructure"
},
"securityRoles": {
"$ref": "#/definitions/SecurityRoles"
}
},
"additionalProperties": false,
"definitions": {
"AccessManagement": {
"type": "object",
"required": [
"enabled"
],
"properties": {
"enabled": {
"type": "boolean",
"additionalProperties": false,
"default": true
}
},
"additionalProperties": false
},
"Backup": {
"type": "object",
"properties": {
"configurations": {
"$ref": "#/definitions/BackupConfigurations"
},
"enabled": {
"type": "boolean",
"additionalProperties": false,
"default": false
}
},
"additionalProperties": false,
"if": {
"properties": {
"enabled": {
"const": true
}
}
},
"then": {
"required": [
"configurations"
]
}
},
"BackupAdminConfigurations": {
"type": "object",
"required": [
"accountId"
],
"properties": {
"accountId": {
"type": "string",
"maxLength": 12,
"minLength": 12,
"pattern": "^\\d{12}$",
"additionalProperties": false
}
},
"additionalProperties": false
},
"BackupConfigurations": {
"type": "object",
"required": [
"backupAdmin",
"centralBackup",
"kmsKeyArn"
],
"properties": {
"backupAdmin": {
"$ref": "#/definitions/BackupAdminConfigurations"
},
"centralBackup": {
"$ref": "#/definitions/CentralBackupConfigurations"
},
"kmsKeyArn": {
"type": "string",
"maxLength": 2048,
"minLength": 1,
"additionalProperties": false
}
},
"additionalProperties": false
},
"CentralBackupConfigurations": {
"type": "object",
"required": [
"accountId"
],
"properties": {
"accountId": {
"type": "string",
"maxLength": 12,
"minLength": 12,
"pattern": "^\\d{12}$",
"additionalProperties": false
}
},
"additionalProperties": false
},
"CentralizedLogging": {
"type": "object",
"required": [
"accountId"
],
"properties": {
"accountId": {
"type": "string",
"maxLength": 12,
"minLength": 12,
"pattern": "^\\d{12}$",
"additionalProperties": false
},
"configurations": {
"$ref": "#/definitions/LoggingConfigurations"
},
"enabled": {
"type": "boolean",
"additionalProperties": false,
"default": true
}
},
"additionalProperties": false
},
"LoggingConfigurations": {
"type": "object",
"properties": {
"accessLoggingBucket": {
"$ref": "#/definitions/S3BucketConfiguration"
},
"kmsKeyArn": {
"type": "string",
"maxLength": 2048,
"minLength": 1,
"additionalProperties": false
},
"loggingBucket": {
"$ref": "#/definitions/S3BucketConfiguration"
}
},
"additionalProperties": false
},
"OrganizationalUnit": {
"type": "object",
"required": [
"name"
],
"properties": {
"name": {
"type": "string",
"maxLength": 120,
"minLength": 1,
"pattern": "^[\\s\\S]*$",
"additionalProperties": false
}
},
"additionalProperties": false
},
"OrganizationStructure": {
"type": "object",
"required": [
"security"
],
"properties": {
"sandbox": {
"$ref": "#/definitions/OrganizationalUnit"
},
"security": {
"$ref": "#/definitions/OrganizationalUnit"
}
},
"additionalProperties": false
},
"S3BucketConfiguration": {
"type": "object",
"properties": {
"retentionDays": {
"type": "number",
"minimum": 1,
"additionalProperties": false
}
},
"additionalProperties": false
},
"SecurityRoles": {
"type": "object",
"required": [
"accountId"
],
"properties": {
"accountId": {
"type": "string",
"maxLength": 12,
"minLength": 12,
"pattern": "^\\d{12}$",
"additionalProperties": false
}
},
"additionalProperties": false
}
}
}
```
## 登录区 3.1 架构
```
{
"type": "object",
"required": [
"centralizedLogging",
"organizationStructure",
"securityRoles"
],
"properties": {
"accessManagement": {
"$ref": "#/definitions/AccessManagement"
},
"backup": {
"$ref": "#/definitions/Backup"
},
"centralizedLogging": {
"$ref": "#/definitions/CentralizedLogging"
},
"governedRegions": {
"type": "array",
"items": {
"type": "string",
"maxLength": 24,
"minLength": 1,
"pattern": "^[a-z]{2}-[a-z\\-]*-[0-9]{1}$",
"additionalProperties": false
},
"additionalProperties": false
},
"organizationStructure": {
"$ref": "#/definitions/OrganizationStructure"
},
"securityRoles": {
"$ref": "#/definitions/SecurityRoles"
}
},
"additionalProperties": false,
"definitions": {
"AccessManagement": {
"type": "object",
"required": [
"enabled"
],
"properties": {
"enabled": {
"type": "boolean",
"additionalProperties": false,
"default": true
}
},
"additionalProperties": false
},
"Backup": {
"type": "object",
"properties": {
"configurations": {
"$ref": "#/definitions/BackupConfigurations"
},
"enabled": {
"type": "boolean",
"additionalProperties": false,
"default": false
}
},
"additionalProperties": false,
"if": {
"properties": {
"enabled": {
"const": true
}
}
},
"then": {
"required": [
"configurations"
]
}
},
"BackupAdminConfigurations": {
"type": "object",
"required": [
"accountId"
],
"properties": {
"accountId": {
"type": "string",
"maxLength": 12,
"minLength": 12,
"pattern": "^\\d{12}$",
"additionalProperties": false
}
},
"additionalProperties": false
},
"BackupConfigurations": {
"type": "object",
"required": [
"backupAdmin",
"centralBackup",
"kmsKeyArn"
],
"properties": {
"backupAdmin": {
"$ref": "#/definitions/BackupAdminConfigurations"
},
"centralBackup": {
"$ref": "#/definitions/CentralBackupConfigurations"
},
"kmsKeyArn": {
"type": "string",
"maxLength": 2048,
"minLength": 1,
"additionalProperties": false
}
},
"additionalProperties": false
},
"CentralBackupConfigurations": {
"type": "object",
"required": [
"accountId"
],
"properties": {
"accountId": {
"type": "string",
"maxLength": 12,
"minLength": 12,
"pattern": "^\\d{12}$",
"additionalProperties": false
}
},
"additionalProperties": false
},
"CentralizedLogging": {
"type": "object",
"required": [
"accountId"
],
"properties": {
"accountId": {
"type": "string",
"maxLength": 12,
"minLength": 12,
"pattern": "^\\d{12}$",
"additionalProperties": false
},
"configurations": {
"$ref": "#/definitions/LoggingConfigurations"
},
"enabled": {
"type": "boolean",
"additionalProperties": false,
"default": true
}
},
"additionalProperties": false
},
"LoggingConfigurations": {
"type": "object",
"properties": {
"accessLoggingBucket": {
"$ref": "#/definitions/S3BucketConfiguration"
},
"kmsKeyArn": {
"type": "string",
"maxLength": 2048,
"minLength": 1,
"additionalProperties": false
},
"loggingBucket": {
"$ref": "#/definitions/S3BucketConfiguration"
}
},
"additionalProperties": false
},
"OrganizationalUnit": {
"type": "object",
"required": [
"name"
],
"properties": {
"name": {
"type": "string",
"maxLength": 120,
"minLength": 1,
"pattern": "^[\\s\\S]*$",
"additionalProperties": false
}
},
"additionalProperties": false
},
"OrganizationStructure": {
"type": "object",
"required": [
"security"
],
"properties": {
"sandbox": {
"$ref": "#/definitions/OrganizationalUnit"
},
"security": {
"$ref": "#/definitions/OrganizationalUnit"
}
},
"additionalProperties": false
},
"S3BucketConfiguration": {
"type": "object",
"properties": {
"retentionDays": {
"type": "number",
"minimum": 1,
"additionalProperties": false
}
},
"additionalProperties": false
},
"SecurityRoles": {
"type": "object",
"required": [
"accountId"
],
"properties": {
"accountId": {
"type": "string",
"maxLength": 12,
"minLength": 12,
"pattern": "^\\d{12}$",
"additionalProperties": false
}
},
"additionalProperties": false
}
}
}
```