Many enterprise customers who use AWS Control Tower to create accounts want an uncomplicated way to extend the next steps in the account creation process. These next steps cover common business use cases, including creating networks, security profiles, governance, and compliance. Executing these processes for every new account created manually is cumbersome and challenging to manage. Using third-party service providers to address the process can be expensive.

There is the option to use Customizations for Control Tower to help alleviate some of these pain points. This solution lets you add customizations to AWS Control Tower and deploy your customizations to existing and new accounts. However, customers are looking for a more simplified way to create AWS accounts with enhancements unique to each account.

This is where AWS Account Factory Enhancements come in. This solution leverages AWS Service Catalog to present an AWS Account Factory product to the End User to create an AWS account and, in the creation process, add enhancements that they would like. The enhancements are based on AWS CloudFormation templates launched in the newly created account. The templates can perform fundamental tasks in the new accounts, like creating networks, security roles, storage profiles, configuring threat detection, and more.

This particular post will show how you can add an Amazon Simple Storage Service (Amazon S3) for storage and/or Amazon GuardDuty for intelligent threat detection to the AWS account configuration process. Although we’re only showing a few options, this blog will also show you how to extend this capability by adding additional CloudFormation templates to address other business requirements.