Account vending solution
SOLUTION EXAMPLE – PART TWO

9. Creation of new account triggers lifecycle event Lambda function to
   • Add account to Active Directory and grant user(s) permission
   • Create alias for the new account
   • Grant new account permission to call network dispatcher
   • Grant new account permission for CloudWatch log destination
   • Update Amazon S3 account public access
   • Other as needed
10. Triggers AWS Control Tower customization to deploy necessary infrastructure and resources in the new account
11. When all resources are deployed, AWS Control Tower customization calls account vending function to update status
12. When all steps succeed, vending function calls ticketing system
13. Lambda resolves ticket and notifies user that requested account is ready for use
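
A sketch of the step 9 lifecycle Lambda, covering two of its bullets (account alias and account-level S3 public access); this is an added example, not code from the presentation. It assumes the trigger is the AWS Control Tower `CreateManagedAccount` lifecycle event, that "update public access" means turning on all four S3 Block Public Access settings, and that the `AWSControlTowerExecution` role is assumable in the new account; the `example` alias prefix and the sample event are constructed.

```python
import re

# Assumed target state: account-level S3 Block Public Access fully enabled.
PUBLIC_ACCESS_BLOCK = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                       "BlockPublicPolicy": True, "RestrictPublicBuckets": True}
# Constructed sample event, trimmed to the fields the handler reads.
SAMPLE_EVENT = {"source": "aws.controltower", "detail": {
    "eventName": "CreateManagedAccount",
    "serviceEventDetails": {"createManagedAccountStatus": {
        "state": "SUCCEEDED",
        "account": {"accountName": "Team Sandbox_01", "accountId": "111122223333"}}}}}

def parse_lifecycle_event(event):
    """Return (account_id, account_name) for a successful account creation, else None."""
    detail = event.get("detail", {})
    if event.get("source") != "aws.controltower" or detail.get("eventName") != "CreateManagedAccount":
        return None
    status = detail.get("serviceEventDetails", {}).get("createManagedAccountStatus", {})
    account = status.get("account", {})
    account_id = account.get("accountId", "")
    # Act only on a finished creation with a well-formed 12-digit account id.
    if status.get("state") != "SUCCEEDED" or not re.fullmatch(r"\d{12}", account_id):
        return None
    return account_id, account.get("accountName", "")

def alias_for(account_name, prefix="example"):
    """Build a valid IAM account alias: 3-63 chars of a-z, 0-9 and single hyphens."""
    slug = re.sub(r"[^a-z0-9]+", "-", f"{prefix}-{account_name}".lower()).strip("-")
    return slug[:63].rstrip("-")

def apply_baseline(account_id, alias, role_name="AWSControlTowerExecution"):
    """Assume a role in the new account, then set its alias and S3 public access block."""
    import boto3  # imported here so the helpers above work without the AWS SDK
    creds = boto3.client("sts").assume_role(
        RoleArn=f"arn:aws:iam::{account_id}:role/{role_name}",
        RoleSessionName="account-vending-baseline")["Credentials"]
    session = boto3.Session(aws_access_key_id=creds["AccessKeyId"],
        aws_secret_access_key=creds["SecretAccessKey"], aws_session_token=creds["SessionToken"])
    session.client("iam").create_account_alias(AccountAlias=alias)
    session.client("s3control").put_public_access_block(
        AccountId=account_id, PublicAccessBlockConfiguration=PUBLIC_ACCESS_BLOCK)

def handler(event, context):
    parsed = parse_lifecycle_event(event)
    if parsed is None:
        return {"status": "ignored"}  # unrelated or failed event: change nothing
    account_id, name = parsed
    apply_baseline(account_id, alias_for(name))
    return {"status": "baselined", "accountId": account_id}
```

The remaining bullets (Active Directory, network dispatcher and CloudWatch log destination permissions) would be further calls inside `apply_baseline` or in the management account, and depend on resources the slide does not specify.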