Posted On: May 19, 2023

Today we are excited to announce the launch of 28 new proactive controls in AWS Control Tower. This launch enhances AWS Control Tower’s governance capabilities, allowing you to implement controls at scale across your multi-account AWS environments by blocking non-compliant resources before they are provisioned for services such as AWS OpenSearch Service, AWS Auto Scaling, Amazon SageMaker, Amazon API Gateway, and Amazon RDS. These new controls help you meet control objectives such as data encryption at rest or limit network access. To see a full list of the new controls, see the controls reference guide

AWS Control Tower’s proactive control capabilities leverage AWS CloudFormation Hooks to identify and block non-compliant resources proactively before AWS CloudFormation provisions them. AWS Control Tower’s proactive controls complement AWS Control Tower’s existing preventive and detective control capabilities. 

AWS Control Tower’s new proactive controls are available in all AWS Regions where AWS Control Tower is available. For a full list of AWS regions where AWS Control Tower is available, see AWS Region Table.