Gruntwork Account Factory | Automate AWS Account Provisioning

Automation

Speed up provisioning of

new AWS accounts

Automate account creation and establish best-practice baselines that meet your teams' needs.

Traditional ClickOps

Manual setup in the AWS console is time consuming, error prone, and inconsistent.

Account Factory for Terraform

Battle with needless complexity only to achieve an incomplete solution.

Gruntwork Account Factory

Streamline and automate the end-to-end process of creating and configuring new AWS accounts.

Capabilities

Provision new AWS accounts in a standardised,

maintainable way

Give your teams the accounts, repos, baselines, configurations, and workflows they need to succeed, automatically.

AWS Accounts

Vend and baseline new AWS accounts

Use GitOps

Create new AWS accounts by opening a Pull Request that calls a standard OpenTofu/Terraform module

Configure with code

Set your new AWS account's name, root email address, Organization Unit (OU), and even custom properties like tag values, all using code

Use AWS Control Tower

Use Gruntwork's OpenTofu/Terraform modules for AWS Control Tower, and then use the standard Control Tower UI to review account status, SCPs, and more

OPENTOFU/TERRAFORM

Use OpenTofu / Terraform modules

Build with standards

Vend new AWS accounts that are nothing more than instances of standard OpenTofu/Terraform modules

Customize as needed

Because it's just code, you can customize your new AWS accounts to include whatever configuration you need

Get automatic updates

As Gruntwork releases new updates to underlying AWS account vending modules, stay up to date automatically using Gruntwork Patcher

SECURE AND COMPLIANT

Get tested, compliant AWS account baselines

Achieve compliant baselines

Gruntwork IaC Library modules create new AWS accounts that meet the requirements of the CIS AWS Foundations Benchmark

Configure all the things

Account baseline configurations include IAM roles, SSO access, tagging policies, secure network configurations, and more

Assume a strong security posture

Automatically configure Amazon GuardDuty, Amazon Macie, AWS Config, AWS CloudTrail, and optionally AWS SecurityHub

team accounts

Stand up a single AWS account or an entire team

Vend many accounts at once

300+ best-practice Terraform/OpenTofu modules

Create git repos

As part of vending a new team, you can also create a new GitHub repo for them, all in the same chain of pull requests

Customize your teams

Need to configure complex customer accounts, or special items for new internal teams? Everything is just code and fully customizable

“I recently spun up an entire new (permanent) environment - from AWS to our IDP and Datadog - in an afternoon, between meetings.”

Dallas Slaughter

Founding Engineer

Provision AWS accounts at the push of a button

Platform

Services

Open Source

Resources

Company