Posted On: Nov 27, 2023

AWS Control Tower is excited to announce 65 new AWS-managed controls and enhanced Region deny capabilities to help you meet your digital sovereignty requirements. With this release, you can discover 245+ controls under a new digital sovereignty group in the AWS Control Tower console. You can use these controls to help prevent actions, enforce configurations, and detect resource changes for data residency, granular access restriction, encryption, and resiliency capabilities. 

You can choose to enable controls that help enforce your encryption and resiliency strategies, such as ‘Require an Amazon EBS snapshot to be created from an encrypted EC2 volume’ or ‘Require an AWS Network Firewall to be deployed across multiple Availability Zones’. You can also customize AWS Control Tower’s new Region deny control to apply regional restrictions that best fit your unique business needs. These capabilities are designed to make it simpler for you to address requirements at scale. AWS Control Tower’s dashboard provides a consolidated view of your controls and compliance state. For a list of available controls, see the AWS Control Tower control library

AWS Control Tower offers a simple, efficient way to set up and govern a secure, multi-account AWS environment based on AWS best practices. You can automate the creation of AWS accounts using AWS Control Tower’s account factory and enable governance features at scale such as controls, centralized logging, and monitoring. For more information about where AWS Control Tower is available, see AWS Regions. To learn more, visit AWS Control Tower and Digital Sovereignty at AWS.