Category: AWS Control Tower

Introduction The integration of Generative AI into cloud governance transforms AWS account management into a more automated and efficient process. Leveraging the generative AI capabilities of Amazon Bedrock alongside tools such as AWS Control Tower and Account Factory for Terraform (AFT), organizations can now expedite the AWS account setup and management process, aligning with best […]

Independent software vendors (ISVs) are AWS Partners who build products or services using AWS. Their workloads are typically diverse and require a flexible and customizable multi-account setup. Following are some examples: Backoffice workloads, which tend be deployed once and are then regularly updated, typically relying on commercial off-the-shelf software. Presales workloads, which are short lived […]

Many customers are looking to adopt a multi-account strategy within their AWS environment. This allows customers to isolate their workloads into different environments including test, dev, and production in addition to separating workloads based on regulatory requirements. As customers scale their multi-account environments, one strategy to increase agility is to offer business units their own […]

AWS Control Tower offers the easiest way to set up and govern a secure, compliant, and multi-account AWS environment based on best practices established by working with thousands of enterprises. Organizations can leverage built-in preventive, proactive, and detective controls as a starting point to address the customer part of the AWS Shared Responsibility Model. Control […]

Introduction Many of my customers use AWS CloudFormation to streamline provisioning operations for AWS and third-party resources, that they describe with code in JSON- or YAML-formatted CloudFormation templates. Some workloads require custom logic or inputs beyond standard parameter values. For these scenarios, an often overlooked and useful CloudFormation feature lies in AWS Lambda-backed custom resources. With Lambda-backed custom […]

Do you or your organization need solutions to help reach your Cloud Governance objectives as you migrate to AWS? How do you stay agile and innovate faster while staying secure?Designing and building a landing zone is a key step in the migration journey to the AWS cloud. A well-architected landing zone helps accelerate migration and […]

Using AWS Control Tower in the AWS GovCloud (US) Regions The recent announcement of AWS Control Tower achieves FedRAMP High authorization in AWS GovCloud (US) Regions reminds us that it is a good time to review how to implement a well-architected multi-account strategy. This helps customers quickly build a baseline multi-account environment while having access […]

Many Amazon Web Services (AWS) customers struggle to keep cloud costs under control while allowing employees to innovate and develop their AWS skills. We talk to technology leaders every day who rank controlling cloud spend among their top concerns. Those same leaders don’t want to stifle innovation or restrict employee’s ability to learn AWS. Using […]

Customers can incorporate the CfnGuardValidator plugin into their AWS Cloud Development Kit (AWS CDK) application to accelerate their application development process. This acceleration stems from ensuring that the deployed resources comply with both organizational policy and AWS best practices. Without the plugin, however, ensuing policy compliance can often be an iterative process. Organizations may implement […]

Enabling effective governance in a multi-account environment and aligning with AWS best practices and common compliance frameworks can be a complex endeavor. Many customers, particularly those operating in regulated industries, face the challenge of investing time and resources in identifying risks and developing their own controls to address service relationships and dependencies. This process can […]