Posted On: Aug 3, 2021
AWS Control Tower is now available in 2 additional AWS Regions: South America (Sao Paulo), and Europe (Paris) that expands AWS Control Tower availability to 15 AWS Regions. We are announcing AWS Control Tower Region Deselection that enhances your ability to efficiently manage the geographical footprint of your AWS Control Tower resources. You can now deselect Regions you would no longer like AWS Control Tower to govern; providing you with the capabilities to address compliance and regulatory concerns while balancing the costs associated with expanding into additional regions.
Region Deselection is available when you update your AWS Control Tower landing zone version. When you use Account Factory to create a new account or enroll a preexisting member account or you use Extend Governance to enroll accounts in a preexisting organizational unit, AWS Control Tower deploys its governance capabilities of centralized logging, monitoring and guardrails in your chosen Regions in the accounts. Choosing to deselect a region and remove AWS Control Tower governance from that region will remove that functionality but it will not inhibit your users’ ability to deploy AWS resources or workloads into those regions.
If you are new to AWS Control Tower, you can launch it today in any of the supported Regions. During the launch, you can select the Regions where you want AWS Control Tower to build and govern your multi-account environment.
If you are already using AWS Control Tower and you want to extend or remove AWS Control Tower governance features (such as logging and monitoring capabilities, and detective guardrail coverage) to one or more of the supported Regions, you can go to the Landing Zone Settings page in your Control Tower dashboard, select the Regions for AWS Control Tower to govern. After updating your landing zone, you must then update all accounts that are governed by AWS Control Tower.