Posted On: Nov 18, 2021
We are excited to announce the support for AWS Organizations nested organizational units (OUs) in AWS Control Tower. An organization is an entity that you create to consolidate a collection of AWS accounts so that you can administer them as a single unit. Within each organization, you can create organizational units which help manage and govern groups of accounts in an organization. Nested OUs provide further customization between groups of accounts within OUs, giving you more flexibility when applying policies for different workloads or applications. For example, you can separate production workloads and non-production workloads within an OU. With support for nested OUs, you can now easily organize accounts in your Control Tower environment in a hierarchical, tree-like structure that best reflects your business needs.
Control Tower provides guardrails that can be attached to your OUs to simplify governance. With nested OUs, you can attach guardrails to OUs instead of directly to each account. This becomes an important scaling mechanism as you add accounts in your Control Tower environment, as policies applied at the OU-level automatically apply to accounts within the OU. In the Control Tower console governance status of each OU is representative of the status for the OUs nested beneath it in the hierarchy.
AWS Control Tower offers the easiest way to set up and govern a new, secure, multi-account AWS environment based on AWS best practices. Customers will create new accounts using AWS Control Tower’s account factory and enable governance features such as guardrails, centralized logging and monitoring in supported AWS Regions. To learn more, visit the AWS Control Tower homepage or see the AWS Control Tower User Guide. For a full list of AWS Regions where AWS Control Tower is available, see the AWS Region Table.