Org Kickstart is an opinionated Terraform module for bootstrapping and governing AWS Organizations. It delivers the good parts of Control Tower — security services, account factory, and guardrails — without the AWS Config cost, Service Catalog complexity, or lock-in.
Deploy a fully governed AWS Organization from a single terraform apply.
Security by Default
Automatically delegates and configures GuardDuty, Security Hub, Inspector, and Macie across every region and every account in your organization.
Policy as Code
Manage Service Control Policies, Resource Control Policies, and Declarative Policies from Terraform, with templating support for org-specific variables.
Account Factory
Add an account to a tfvars file and get a fully configured AWS account in the right OU, with SSO access, budgets, and alternate contacts.
Designed for Practitioners
No PhD in AWS Service Catalog required. Org Kickstart is built by practitioners, for practitioners who need a production-grade landing zone — not a bloated compliance framework.
Open Source
Apache 2.0 licensed and developed in the open on GitHub. Contributions and bug reports are always welcome.
Cost Conscious
Unlike Control Tower, Org Kickstart does not require AWS Config in every account and region. Deploy comprehensive security governance without the runaway Config costs.