Posted On: Nov 10, 2021

AWS Control Tower now supports concurrent operations for detective guardrails to help expedite guardrail management. You can now enable multiple detective guardrails without needing to wait for individual guardrail operations to complete. AWS Control Tower provides customers with out-of-the-box preventive and detective guardrails that you can deploy to increase your security, operational, and compliance posture.

You can enable different detective guardrails (e.g., "Detect Whether MFA for the Root User is Enabled" and "Detect Whether Public Write Access to Amazon S3 Buckets is Allowed") on the same Organizational Unit (OU), or different detective guardrails on different OUs, concurrently. Guardrail error messaging has also been improved to give additional guidance on supported concurrent guardrail operations. Guardrails remain in effect as you create new accounts or make changes to your existing accounts, and Control Tower provides a summary report of how each account conforms to your enabled policies. For a full list of available guardrails, see Guardrail Reference - AWS Control Tower.

AWS Control Tower offers the easiest way to set up and govern a new, secure, multi-account AWS environment based on AWS best practices. Customers will create new accounts using AWS Control Tower’s account factory and enable governance features such as guardrails, centralized logging and monitoring in supported AWS Regions. To learn more, visit the AWS Control Tower homepage or see the AWS Control Tower User Guide. For a full list of AWS Regions where AWS Control Tower is available, see the AWS Region Table.