docs: describe how to create accounts without default VPCs (#13)

rehanvdm · web-flow · commit 5df9408965c7 · 2024-07-22T11:56:51.000+02:00
diff --git a/docs/sop/Account Factory Settings.md b/docs/sop/Account Factory Settings.md
@@ -0,0 +1,16 @@
+# Account Factory Settings
+
+## Network Configuration
+
+VPCs will be defined in code and Control Tower must not create any VPCs. There is no single option to toggle VPC
+creation off in Control Tower, from the [AWS documentation](https://docs.aws.amazon.com/controltower/latest/userguide/configure-without-vpc.html) 
+the following steps are required to disable VPC creation:
+
+1. Navigate to `Account Factory` in the Control Tower AWS Console.
+2. Edit the `Network configuration`
+3. Disable `Internet-accessible subnet`
+4. Set `Maximum number of private subnets` to 0
+5. Deselect all `Regions for VPC creation`
+6. Save
+
+![img_7.png](img_7.png)
diff --git a/docs/sop/Bring an existing AWS Account.md b/docs/sop/Bring an existing AWS Account.md
@@ -0,0 +1,14 @@
+# Bring an existing AWS Account
+
+TODO: Complete list
+
+1. Add the account under the right OU in the CDK construct.
+
+## Networking
+
+Each account must have non overlapping VPC CIDRs.
+
+If the account has overlapping CIDRs with other accounts it is recommended to create a new VPC with the CDK account's vpc 
+properties and then migrate the resources to the new VPC. If that's not possible consider CloudFormation imports. 
+It's important to note that the CDK construct will remove any existing VPCs. This creates the opportunity for migrating
+to the new VPC gradually or allows leaving the resources in the old VPC indefinitely.
diff --git a/docs/sop/Create an AWS Account.md b/docs/sop/Create an AWS Account.md
@@ -6,6 +6,9 @@
 
 ### Create Account in the AWS Console
 
+> [!CAUTION]
+> Ensure that the [Account Factory Settings](Account%20Factory%20Settings.md) are correct before creating the account.
+
 1. Log in to the Management Account and navigate to Control Tower (CT), ensure you are in the correct region.
 1. Click on the `Account Factory` in the left-hand menu. Then on `Create Account`.
 1. Fill all the details in. 
diff --git a/docs/sop/img_7.png b/docs/sop/img_7.png
diff --git a/src/defaults.ts b/src/defaults.ts
@@ -10,7 +10,6 @@ export class Defaults {
   public static denyServiceList() {
     return [
       'eks:*',
-      'ec2:*',
     ];
   }
 

Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,6 @@ export class Defaults {`
`10`	`10`	`public static denyServiceList() {`
`11`	`11`	`return [`
`12`	`12`	`'eks:*',`
`13`		`- 'ec2:*',`
`14`	`13`	`];`
`15`	`14`	`}`
`16`	`15`