AWS Cloud Operations & Migrations Blog
Category: AWS Control Tower
Import existing AWS Control Tower accounts to Account Factory for Terraform
AWS Control Tower Account Factory for Terraform (AFT) allows customers to provision and customize their account in AWS Control Tower using Terraform. AFT can also import existing AWS Control Tower managed accounts into AFT management, allowing you to manage the global and account-specific customization at scale using Terraform. We hear from customers that they want […]
Improve your security posture with AWS Control Tower and AWS Security Hub integration
We are excited to announce the general availability (GA) of the integration between AWS Control Tower and AWS Security Hub. With this GA release, AWS Control Tower can detect control operations performed on the Security Hub detective controls from the Security Hub service. This includes the ability to detect if Security Hub controls enabled via […]
Simplify infrastructure deployments using Customizations for AWS Control Tower and AWS Serverless Application Model
Customers want flexibility and simpler ways to manage their AWS accounts. There are several ways customers can choose to customize their AWS account deployments at scale and with flexibility, such as Account Factory Customization (AFC), a native solution within AWS Control Tower account factory, or Customizations for Control Tower (CfCT), which this blog focuses on. To […]
Automate account customization using Account Factory Customization in AWS Control Tower
Before customers can build, migrate and operate their workloads at scale, they must build a foundation to enable a multi-account architecture that supports the growing needs of their organization. With this foundation in place, customers can create AWS accounts to enable workload isolation within their organizations. As customers build their AWS account structure to group […]
Strategies to Distribute Visibility in Multi-account Environments
Speed matters in business, and AWS customers want to move quickly and securely when they choose to innovate and develop on our platform. As customers scale their AWS footprint, a majority of them adopt a multi-account strategy to separate their workloads and better enable their teams to build rapidly. The AWS multi-account strategy provides guidance […]
Use AWS Lambda with AWS Control Tower Audit account to inspect your multi-account setup
When you are building workloads on AWS, you are encouraged to follow a multi-account strategy to isolate workloads into multiple AWS accounts. You can do this to separate your accounts based on different business units, different stages of the software development lifecycle (SDLC), or in another manner that is suitable for your organization’s needs. Whichever approach […]
How AWS Control Tower users can proactively verify compliance in AWS CloudFormation stacks
AWS Control Tower customers leverage infrastructure as code (IaC) to consistently deploy resources within their AWS multi-account setup. Enterprises want their developers to create and manage resources that they need to build applications while maintaining compliance with the organizations’ security, operational, and cost optimization best practices. Most solutions today inform customers about non-compliant resources only […]
AWS Service Catalog Account Factory-Enhanced
Many enterprise customers who use AWS Control Tower to create accounts want an uncomplicated way to extend the next steps in the account creation process. These next steps cover common business use cases, including creating networks, security profiles, governance, and compliance. Executing these processes for every new account created manually is cumbersome and challenging to […]
Use AWS Control Tower to Simplify Governance in AWS GovCloud (US) Regions
Customers often tell us about the challenges they face managing multi-account environments in AWS GovCloud regions. Many of these customers are using AWS Control Tower to simplify their account governance and they’ve asked us to extend the same benefits to AWS GovCloud regions. On October 19, 2022, we announced the general availability of AWS Control […]
Use existing Logging and Security Account with AWS Control Tower
AWS Control Tower provides the easiest way for you to set up and govern your AWS environment, or landing zone, following prescriptive AWS best practices managed on your behalf. AWS Control Tower orchestrates multiple AWS services (AWS Organizations, AWS CloudFormation StackSets, Amazon Simple Storage Service (Amazon S3), AWS Single Sign-On (AWS SSO), AWS Config, AWS CloudTrail) to build a landing zone […]