Posted On: Jan 28, 2021

You can now extend AWS Control Tower governance to existing AWS organizational units (OUs) from within the AWS Control Tower console. This feature allows you to bring your top-level OUs and included accounts under AWS Control Tower governance. When you register an Organizational Unit, AWS Control Tower will perform a series of checks to ensure successful extension of governance and enrollment of accounts within the OU.

With this feature, you now have the ability to bring an entire OU under AWS Control Tower governance with one simple process initiated in the AWS Control Tower console. The use of pre-checks ensures that the accounts in the target OU meet the necessary standards before AWS Control Tower begins the registration process. If any account fails the pre-checks you will be notified and directed to information on how to correct the issue so that you can proceed with registering the OU. AWS Control Tower is designed for organizations with multiple accounts and teams who are looking for the easiest way to set up their new or existing multi-account AWS environment and govern at scale. With an organization governed by AWS Control Tower, cloud administrators know that accounts in the organization are compliant with established policies.

For a full list of regions where AWS Control Tower is available, see the AWS Region Table. To learn more, visit the AWS Control Tower homepage or see the Control Tower User Guide

You can also visit the AWS Control Tower product webpage or visit YouTube to watch this video about getting started with AWS Control Tower for AWS Organizations