Posted On: Jun 24, 2019
AWS Control Tower is now generally available and supported for production use. AWS Control Tower is a service that is intended for organizations with multiple accounts and teams who are looking for the easiest way to set up their new multi-account AWS environment and govern at scale. With AWS Control Tower, cloud administrators get peace of mind knowing accounts in their organization are compliant with established policies while builders provision new AWS accounts quickly in a few clicks.
Using AWS Control Tower, cloud administrators can set up an automated landing zone that employs best-practices blueprints such as configuring multi-account structure using AWS Organizations, managing user identities and federated access with AWS Single Sign-on, enabling account provisioning through AWS Service Catalog, and creating a centralized log archive using AWS CloudTrail and AWS Config. For ongoing governance, they can enable pre-configured guardrails – clearly defined rules for security, operations, and compliance – that prevent deployment of resources that don’t conform to policies and continuously monitor deployed resources for nonconformance. AWS Control Tower’s dashboard provides centralized visibility into their AWS environment including accounts provisioned, guardrails enabled, and the compliance status of accounts.
Administrators can set up a new multi-account environment with just a single click in the AWS Management Console. There are no additional charges or upfront commitments to use Control Tower; they pay only for AWS services enabled in order to set up a landing zone and implement selected guardrails. To get started, visit the AWS Control Tower web page.
Control Tower is available to use in the following AWS Regions: US East (Ohio), Europe (Ireland), US East (N. Virginia), and US West (Oregon).