AWS Architecture Blog

Category: AWS Control Tower

Pilot consideration process

Designing a Successful Pilot Phase for Your Cloud Migration

Pilot phases, or pilots, as we will call them from now on, should be conducted to test and find the positive and negative aspects of a particular use case, design pattern, or application migration approach. They allow you to validate the foundation of your architecture (for example, with a landing zone governed by AWS Control […]

Monolithic versus microservice approach

Issues to Avoid When Implementing Serverless Architecture with AWS Lambda

There are lots of articles and advice on using AWS Lambda. I’d like to show you how to avoid some common issues so you can build the most effective architecture. Technologies emerge and become outdated quickly. So, solutions that may look like the right solution, otherwise known as anti-patterns, can prevent you from building a cost-optimized, […]

Figure 1. Architecture for Customizations for AWS Control Tower

Fast and Secure Account Governance with Customizations for AWS Control Tower

Organizations around the world value a secure, well-architected, AWS environment that provides a strong foundation for their cloud operations. They seek a multi-account strategy that delivers operational excellence, security, reliability, performance, and cost optimization of their AWS resources now and into the future. AWS Control Tower delivers on this multi-account strategy by orchestrating various AWS […]

AWS Control Tower Architecture

Field Notes: AWS Control Tower Governance on Selected Regions and Improved Account Provisioning

Co-written by Kalyan Ghatak, Senior Technical Product Manager and Kishore Vinjam, Partner Solutions Architect at AWS. AWS Control Tower is available in 13 AWS Regions today. As we continue to expand to additional Regions, customers have asked for the ability to choose the Regions that AWS Control Tower manages. By only selecting the actively […]

Azure AD Reference Architecture

Field Notes: Automate SAML 2.0 Federation using AWS Control Tower and Azure Active Directory

Some AWS Control Tower customers have adopted Azure Active Directory as their Identity Provider (IdP) and wish to keep authentication and authorization within the IdP. When setting up federation from Azure Active Directory, customers often consult a tutorial that describes how to integrate Azure AD single sign-on with AWS. The tutorial uses an IAM user […]


Field Notes: Enabling Guardrails in New AWS Regions the AWS Control Tower Supports

Originally published March 2020 to the Field Notes blog, and updated in January 2021 to highlight that AWS Control Tower supports the updating of enrolled accounts from the dashboard. Follow the instructions from Update existing OUs and accounts in addition to this blog. For the first time since the launch of AWS Control Tower, we […]

AWS Control Tower Management account screenshot

Field Notes: Enroll Existing AWS Accounts into AWS Control Tower

Originally published 21 April 2020 to the Field Notes blog, and updated in August 2020 with new prechecks to the account enrollment script. Last updated April 8, 2021 to reflect changes in the AWS Organizations service. Since the launch of AWS Control Tower, customers have been asking for the ability to deploy AWS Control Tower […]

Sample post-merger AWS environment

Mergers and Acquisitions Readiness with the Well-Architected Framework

Companies looking for an acquisition or a successful exit through a merger undergo a technical assessment as part of the due diligence process. While being a profitable business by itself can attract interest, running a disciplined IT department within your organization can make the acquisition more valuable. As an entity operating cloud workloads on AWS, […]

Route 53 PHZs and Resolver Endpoints

Using Route 53 Private Hosted Zones for Cross-account Multi-region Architectures

This post was co-written by Anandprasanna Gaitonde, AWS Solutions Architect and John Bickle, Senior Technical Account Manager, AWS Enterprise Support. Many AWS customers have internal business applications spread over multiple AWS accounts and on-premises to support different business units. In such environments, you may find a consistent view of DNS records and domain names […]

Figure 1 Deployment to new account

Field Notes: Customizing the AWS Control Tower Account Factory with AWS Service Catalog

Many AWS customers who are managing hundreds or thousands of accounts know how complex and time-consuming this process can be. To reduce the burden and simplify the process of creating new accounts, last year AWS released a new service, AWS Control Tower. AWS Control Tower helps you automate the process of setting up a […]
