Control Tower
Set up and govern a secure, compliant multi-account environment
Overview
Set up and govern your AWS multi-account environment based on best practices.
Orchestrates the capabilities of several services:
AWS IAM Identity Center
Benefits
Set up automatically with well-architected blueprints
Policy management: detect policy violations
Dashboard for monitoring compliance
Features
Guardrails
Preventive Guardrail (using SCPs): restrict regions across all your accounts.
Detective Guardrail (using AWS Config): identify untagged resources.
Landing zone
Multi-account environment
Controls
Account Factory
Dashboard
Trivia
Requires organization-level CloudTrail to be enabled.
Concepts
Landing Zone: the overall multi-account environment that Control Tower sets up.
Organizational Unit: an entity created within your organization to group multiple accounts.
Guardrails: pre-packaged SCP and AWS Config governance rules for security, operations, and compliance that customers can select and apply enterprise-wide or to specific groups of accounts.
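The two guardrail types from the Features list, side by side, as an added example (not Control Tower's own policy text): a region-restricting SCP that blocks a call before it happens, and a tag check that reports resources that already exist. The region list, the required tags, the NotAction exemptions, the simplified evaluator and the sample data are all assumptions made for illustration.

```python
import json
from fnmatch import fnmatchcase

ALLOWED_REGIONS = ["eu-west-1", "eu-central-1"]   # assumption: the regions you govern
REQUIRED_TAGS = {"Owner", "CostCenter"}           # assumption: your tagging standard

# Preventive: SCP that denies regional API calls outside ALLOWED_REGIONS.
# Global services are exempted through NotAction so they keep working.
REGION_DENY_SCP = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyOutsideAllowedRegions",
        "Effect": "Deny",
        "NotAction": ["iam:*", "organizations:*", "sts:*", "cloudfront:*",
                      "route53:*", "support:*"],
        "Resource": "*",
        "Condition": {"StringNotEquals": {"aws:RequestedRegion": ALLOWED_REGIONS}},
    }],
}

def scp_denies(action, region, scp=REGION_DENY_SCP):
    """Simplified model of SCP evaluation: True if the call is blocked."""
    for stmt in scp["Statement"]:
        exempt = any(fnmatchcase(action.lower(), p.lower()) for p in stmt["NotAction"])
        allowed = stmt["Condition"]["StringNotEquals"]["aws:RequestedRegion"]
        if stmt["Effect"] == "Deny" and not exempt and region not in allowed:
            return True
    return False

def untagged(resources, required=REQUIRED_TAGS):
    """Detective: report resources that already exist without the required tags."""
    return [r["id"] for r in resources if not required <= set(r.get("tags", {}))]

# Constructed sample data, not real account output.
SAMPLE_CALLS = [("ec2:RunInstances", "us-east-1"), ("ec2:RunInstances", "eu-west-1"),
                ("iam:CreateRole", "us-east-1")]
SAMPLE_RESOURCES = [
    {"id": "i-0aaa", "tags": {"Owner": "team-a", "CostCenter": "42"}},
    {"id": "vol-0bbb", "tags": {"Owner": "team-a"}},
    {"id": "i-0ccc"},
]

if __name__ == "__main__":
    print(json.dumps(REGION_DENY_SCP, indent=2))
    for action, region in SAMPLE_CALLS:
        print(action, region, "DENIED" if scp_denies(action, region) else "allowed")
    print("non-compliant:", untagged(SAMPLE_RESOURCES))
```

The preventive control stops the out-of-region call outright, while the detective control only surfaces the two under-tagged resources for follow-up.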