Posted On: Dec 30, 2020
AWS Control Tower now includes an organization-level aggregator, which assists in detecting external AWS Config rules. This will provide you with visibility in the AWS Control Tower console to see externally created AWS Config rules in addition to those AWS Config rules created by AWS Control Tower. The use of the aggregator enables AWS Control Tower to detect this information and provide a link to the AWS Config console without the need for AWS Control Tower to gain access to unmanaged accounts.
With this feature, you now have a consolidated view of detective guardrails applied to your accounts so that you can easily track compliance and determine if additional guardrails are needed. AWS Control Tower is designed for organizations with multiple accounts and teams who are looking for the easiest way to set up their new or existing multi-account AWS environment and govern at scale. With an organization governed by AWS Control Tower, cloud administrators know that accounts in the organization are compliant with established policies.