Organizational Units in AWS Control Tower can now contain up to 1,000 accounts

Posted on: Aug 30, 2024

AWS Control Tower now allows you to register Organizational Units (OUs) containing up to 1,000 accounts. With this launch, you can implement governance best practices and standardize configurations across the accounts in your OUs at greater scale. When you register an OU or enable the AWS Control Tower baseline on an OU, member accounts receive the best practice configurations, controls, and baseline resources required for AWS Control Tower governance, such as AWS IAM roles, AWS CloudTrail, AWS Config, and AWS Identity Center.

Until today, you could only register OUs with 300 accounts or fewer. Now, you can enroll up to 1,000 AWS accounts under AWS Control Tower governance in a single OU. This allows greater flexibility to preserve your existing OU structure when migrating to AWS Control Tower, and increased ability to scale in place. Performance enhancements to the OU registration and re-registration processes also enable you to deploy AWS Control Tower baseline resources into your member accounts more efficiently.

The maximum number of accounts in an OU may differ depending on the number of enabled controls and the number of regions you have under governance. To learn more, visit Limitations based on underlying AWS services in the AWS Control Tower User Guide. For a full list of AWS regions where AWS Control Tower is available, see AWS Region Table.