AWS Control Tower Account Factory for Terraform (AFT) now allows you to customize the resources deployed and recorded by AFT. You can now choose whether or not to deploy AFT using a virtual private cloud (VPC). You can also customize the retention periods for AWS Backup recovery points, Amazon Cloudwatch log groups, and Amazon S3 log archive buckets to meet your unique data retention needs. This release includes enhancements to AFT VPC default security group to align with AWS Foundational Security Best Practices.
Source:: Amazon AWS