Skip to content

Commit 6f704d8

Browse files
muakvikmuakvik
authored
docs: Add AWS Control Tower 4.0 compatibility notice to README
1 parent f3c57b7 commit 6f704d8

1 file changed

Lines changed: 27 additions & 0 deletions

File tree

README.md

Lines changed: 27 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,33 @@ Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. SPDX-License-
1010

1111
## <!-- omit in toc -->
1212

13+
---
14+
15+
## ⚠️ AWS SRA Code Library & Control Tower 4.0: Compatibility Notice<!-- omit in toc -->
16+
17+
AWS Control Tower 4.0 introduces architectural changes that affect the existing SRA code library, including how AWS Config, CloudTrail, and S3 log buckets are structured and referenced. If you're upgrading to CT 4.0 or have already done so, follow the steps below to restore compatibility.
18+
19+
### Steps to Resolve<!-- omit in toc -->
20+
21+
**Step 1: Follow the Upgrade Instructions**
22+
23+
Review the key CT 4.0 changes that impact SRA and apply the corresponding updates to your local deployment:
24+
25+
- Enable AWS Config and CloudTrail via Control Tower before deploying SRA — these are now optional integrations in CT 4.0 and must be explicitly enabled.
26+
- Update your local SRA templates to reference the new dedicated S3 buckets for Config logs (`aws-controltower-config-logs-{LogArchiveAccountId}-{suffix}`) instead of the legacy shared CT logs bucket.
27+
28+
For full migration details, refer to the [Control Tower 4.0 migration guide](https://docs.aws.amazon.com/controltower/latest/userguide/ct-migrate.html) and [Upgrading to CT 4.0 best practices](https://docs.aws.amazon.com/controltower/latest/userguide/ct-update.html).
29+
30+
**Step 2: Reach Out to Your AWS Account Manager**
31+
32+
If you've followed the instructions above and are still experiencing issues, contact your AWS Account Manager. They can connect you with the right AWS support resources for further troubleshooting.
33+
34+
**Step 3: Don't Have an Account Manager? Cut Us a Ticket**
35+
36+
If you don't have an AWS Account Manager, [submit a GitHub issue](https://github.com/aws-samples/aws-security-reference-architecture-examples/issues) directly to the SRA team. We'll provide support on a best-effort basis.
37+
38+
---
39+
1340
## Table of Contents<!-- omit in toc -->
1441

1542
- [Introduction](#introduction)

0 commit comments

Comments
 (0)