Posted On: Jul 24, 2023

We are excited to announce the launch of 28 new proactive controls in AWS Control Tower. This launch enhances AWS Control Tower’s governance capabilities, allowing you to implement controls at scale across your multi-account AWS environments by blocking non-compliant resources before they are provisioned for services such as Amazon CloudWatch, Amazon Neptune, Amazon ElastiCache, AWS Step Functions, and Amazon DocumentDB. These new controls help you meet control objectives such as establishing logging and monitoring, encrypting data at rest, or improving resiliency. For a full list of the new controls, see the controls reference guide.

AWS Control Tower’s proactive control capabilities leverage AWS CloudFormation Hooks to identify and block non-compliant resources proactively before AWS CloudFormation provisions them. AWS Control Tower’s proactive controls complement AWS Control Tower’s existing preventive and detective control capabilities.

AWS Control Tower’s new proactive controls are available in all AWS Regions where AWS Control Tower is available. For a full list of AWS Regions where AWS Control Tower is available, see the AWS Region Table.