Category: AWS Control Tower

Overview A key benefit of using the Amazon Web Services (AWS) cloud is the ability to pay only for the services you consume. This granular control and elastic model enables you to achieve substantial savings compared to on-premise infrastructure. The practice of ensuring you are getting the most value for your investment, and a foundational pillar […]

Introduction In order to enforce best practices for governance and compliance across AWS accounts in a centralized way, AWS Control Tower is an easy place to start.  However, ensuring continuous compliance requires regular drift detection and remediation, which Control Tower facilitates by providing a mechanism to detect drift and publish notifications to Amazon Simple Notification […]

Introduction AWS Organizations provides the capability to centrally manage and govern your AWS environment. As an organization, you can delegate administration of specific AWS services integrated with AWS Organizations to authorized individuals or teams. Implementing effective controls for these delegated administrators is essential to ensuring the security, compliance, and operational efficiency of your AWS environment. […]

AWS Control Tower is the easiest way to set up and govern a security, multi-account AWS environment. A key feature of AWS Control Tower is to deploy and manage controls at scale across an entire AWS Organizations. These controls are categorized based on their behavior and guidance. The behavior of each control is one of […]

With numerous AWS accounts in an organization, receiving an external security finding like a vulnerability assessment or pen test report impacting multiple resources can be challenging. Without a centralized resource viewing and search capability, identifying the affected resources require switching and inspecting each account individually, which is time-consuming and inefficient. Security vulnerabilities are time-sensitive, and […]

Introduction The integration of Generative AI into cloud governance transforms AWS account management into a more automated and efficient process. Leveraging the generative AI capabilities of Amazon Bedrock alongside tools such as AWS Control Tower and Account Factory for Terraform (AFT), organizations can now expedite the AWS account setup and management process, aligning with best […]

Independent software vendors (ISVs) are AWS Partners who build products or services using AWS. Their workloads are typically diverse and require a flexible and customizable multi-account setup. Following are some examples: Backoffice workloads, which tend be deployed once and are then regularly updated, typically relying on commercial off-the-shelf software. Presales workloads, which are short lived […]

Many customers are looking to adopt a multi-account strategy within their AWS environment. This allows customers to isolate their workloads into different environments including test, dev, and production in addition to separating workloads based on regulatory requirements. As customers scale their multi-account environments, one strategy to increase agility is to offer business units their own […]

AWS Control Tower offers the easiest way to set up and govern a secure, compliant, and multi-account AWS environment based on best practices established by working with thousands of enterprises. Organizations can leverage built-in preventive, proactive, and detective controls as a starting point to address the customer part of the AWS Shared Responsibility Model. Control […]

Introduction Many of my customers use AWS CloudFormation to streamline provisioning operations for AWS and third-party resources, that they describe with code in JSON- or YAML-formatted CloudFormation templates. Some workloads require custom logic or inputs beyond standard parameter values. For these scenarios, an often overlooked and useful CloudFormation feature lies in AWS Lambda-backed custom resources. With Lambda-backed custom […]