AWS Control Tower
The easiest way to set up and govern a new, secure multi-account AWS environment
If you’re an organization with multiple AWS accounts and teams, cloud setup and governance can be complex and time-consuming, slowing down the very innovation you’re trying to speed up. AWS Control Tower provides the easiest way to set up and govern a new, secure, multi-account AWS environment based on best practices established through AWS’ experience working with thousands of enterprises as they move to the cloud. With AWS Control Tower, builders can provision new AWS accounts in a few clicks, while you have peace of mind knowing your accounts conform to your company-wide policies. If you are building a new AWS environment, starting out on your journey to AWS, starting a new cloud initiative, or are completely new to AWS, Control Tower will help you get started quickly with governance and best practices built in.
Quickly set up and configure a new AWS environment
Automate the setup of your multi-account AWS environment with just a few clicks. The setup employs blueprints, which capture AWS best practices for configuring AWS security and management services to govern your environment. Blueprints are available to provide identity management, federate access to accounts, centralize logging, establish cross-account security audits, define workflows for provisioning accounts, and implement account baselines with network configurations.
Automate ongoing policy management
Control Tower provides mandatory and strongly recommended high-level rules, called guardrails, that help enforce your policies using service control policies (SCPs), or detect policy violations using AWS Config rules. These rules remain in effect as you create new accounts or make changes to your existing accounts, and Control Tower provides a summary report of how each account conforms to your enabled policies.
View policy-level summaries of your AWS environment
Control Tower provides you with an integrated dashboard so you can see a top-level summary of policies applied to your AWS environment. You can view details on the accounts provisioned, the guardrails enabled across your accounts, and account-level status for compliance with your guardrails.
How it works
Slalom is a modern consulting firm focused on strategy, technology, and business transformation. With offices in 27 cities across the United States, United Kingdom, and Canada, seven regional innovation hubs, and more than 6,500 employees, Slalom's teams have autonomy to move fast. The firm uses Control Tower to make governance across the organization easier and more effective, and to better serve its clients.
"AWS Control Tower will help centralize and consistently apply AWS best practices, and provide guardrails to monitor and enforce our security and compliance policies across AWS accounts. We’ve been advising customers about Control Tower and are seeing a lot of excitement about the service, particularly among our larger multinational clients and those with stringent compliance needs." - Tony Rojas, President, Slalom
Deutsche Börse Group
Deutsche Börse Group, an international exchange organization headquartered in Germany and with global offices in Europe, North America, and Asia, offers financial institutions and investors a range of financial market products, services, and technologies. Its business areas include pre-trading, post-trading, and services for collateral and liquidity management. In addition, the organization develops state-of-the-art IT solutions and offers IT systems all over the world.
“We started using AWS Control Tower to speed up our AWS account creation with its ‘Account Factory.’ It gives us an easy way to create accounts across our organization and establish guardrails to enforce or check for policy compliance. Now our teams can quickly create accounts with pre-configured permissions to enable us to perform audit or administrative actions.” - Christian Tueffers, cloud architect at Deutsche Börse Group
The California State University
The California State University system is the largest four-year public university, based on enrollment, in the United States. The organization is working to provide a cloud environment that can scale to support 500,000 students across 23 campuses in the state of California.
“Getting started on AWS Control Tower was incredibly easy. Within five minutes, Control Tower had begun creating a best-practice accounts structure, enabling security guardrails, and establishing governance controls for us. What previously took us weeks of effort was completed in about an hour. We have seen how Control Tower scales up to meet our needs and because it's orchestrating AWS services, we have flexibility to build quickly based on the landing zone it creates.” - Ryan Matteson, Director of Systemwide Cloud Acceleration at California State University
The rapid pace of Uber’s business requires a quick and reliable way to spin up AWS accounts for new processes and services while meeting baseline security requirements including logging, identity and access management, preventative security controls, and continuous monitoring.
“Our technical infrastructure requires significant engineering effort from internal teams to manage their portfolio as our security policies evolve while maintaining a high bar of quality for each service. We decided to adopt AWS Control Tower into our existing account bootstrap process because it allows us to build on automation capabilities tailored to Uber’s unique environment. We’ve been able to use it to enable single sign-on, identity and access management, account vending, and service integration with security controls that align with industry standards. Uber’s environment evolves quickly and Control Tower gives our cloud security team a solid foundation with the flexibility we need to build for the future.” - Oliver Szimmetat, Engineering Manager, Uber Cloud Security
Founded in the early days of DevOps to help large companies accelerate their software releases with more reliability, XebiaLabs offers release orchestration and application delivery software that provides companies with the visibility, automation and control they need to deliver software faster and with less risk. XebiaLabs was looking for an easy way to set up and manage a secure AWS environment. They also wanted to manage the application environments of multiple teams in one central place for governance and security.
"AWS Control Tower gives us simplified management and peace of mind. Now we have one central place for policy management, enforcement and reporting." - XebiaLabs CEO, Derek Langone
Edmunds guides car shoppers online from research to purchase. With in-depth reviews of every new vehicle, shopping tips from an in-house team of experts, plus a wealth of consumer and automotive market insights, Edmunds helps millions of shoppers each month select, price and buy a car with confidence. The company wanted to have consistent provisioning of AWS accounts while ensuring that all accounts adhered to best practices and compliance policies. The Edmunds team had always considered AWS multi-account management a key aspect of onboarding new teams and workloads on AWS and as part of ongoing operations. Until now, Edmunds had used homegrown solutions to meet those needs, work that can be considered ‘undifferentiated heavy lifting’.
"Historically, we had built our own custom solution, so having AWS Control Tower functionality natively available in AWS will make account provisioning and governance easier." - Emil Ndreu, Edmunds Executive Cloud Director
Karma Automotive is a manufacturing company that designs and engineers luxury, electric cars. Assembling vehicles in Southern California, Karma Automotive is committed to creating a more sustainable future for cars. Karma Automotive decided to use AWS Control Tower in order to expedite their migration into the cloud:
“Our transition to the cloud is on a tight timeline, as we have pressure on our resources and cannot change the target dates. Control Tower allows us to move faster on tighter rails. With Control Tower, we can also seamlessly centralize policy management, enforce governance and compliance, enable end user self-service, and get continuous visibility into our AWS environment.” - Brendan Champion, Director of IT Infrastructure, Karma Automotive.
Thorn Technologies is a leading expert in cloud computing and enterprise software development. The company offers end-to-end software solutions for various Fortune 500 businesses, including reliable and easy-to-use cloud computing products on the AWS Marketplace, cloud deployment and migration services, high-transaction cloud computing solutions, and large-scale enterprise software.
“We implemented AWS Control Tower so that our security team could quickly set up a best-practices AWS environment and provision multiple AWS accounts. Control Tower has been integral to maintaining our high standards of security. We use service control policies to prevent the use of expensive resources, and we utilize AWS Single Sign-On to access AWS child accounts in order to troubleshoot IAM issues. With Control Tower, we can proactively enforce governance and compliance, get continuous visibility into our AWS environment, and ultimately gain peace of mind.” – Daniel Rusk, Chief Technology Officer at Thorn Technologies.