knowledge
services

Powered by GitBook

On this page

Overview
Benefits
Features
Guardrails
Landing zone
Controls
Account Factory
Dashboard
Trivia
Concepts

Control Tower

setup & govern a secure, compliant multi-account environment

PreviousOrganizational Unit NextAD Domain Service

Last updated 7 months ago

Overview

set up & govern your AWS multiple account environment base on best practices.
Orchestrates the capabilities of several services:
- AWS Organizations
- AWS Service Catalog
- AWS IAM Identity Center

Benefits

Set up automatically with well-architecture blueprint
Policy management, detect policy violations
Dashboard for monitor compliance.

Features

Guardrails

Preventive Guardrail (using SCPs): restrict regions across all your account
Detective Guardrail (using AWS Config): identify untagged resources.

Landing zone

Multi-account environment

Controls

Account Factory

Dashboard

Trivia

Need organization-level CloudTrail to be enabled

Concepts

Landing Zone: the overall multi-account env that Control Tower set up.
Organization Unit: an entity created within your org to group multiple account.
Guiderails: are pre-packaged SCP and AWS Config governance rules for security, operations, and compliance that customers can select and apply enterprise-wide or to specific groups of accounts.