Tag: AWS Control Tower

Overview A key benefit of using the Amazon Web Services (AWS) cloud is the ability to pay only for the services you consume. This granular control and elastic model enables you to achieve substantial savings compared to on-premise infrastructure. The practice of ensuring you are getting the most value for your investment, and a foundational pillar […]

Introduction In order to enforce best practices for governance and compliance across AWS accounts in a centralized way, AWS Control Tower is an easy place to start.  However, ensuring continuous compliance requires regular drift detection and remediation, which Control Tower facilitates by providing a mechanism to detect drift and publish notifications to Amazon Simple Notification […]

AWS Control Tower makes it easy to create and manage a secure, multi-account AWS environment, ready for immediate use. However, for more customized setups, particularly using Terraform, customers can use AWS Control Tower Account Factory for Terraform (AFT). Account Factory for Terraform (AFT) sets up a Terraform pipeline to help you provision and customize accounts […]

Detecting security risks and investigating the corresponding findings is essential for protecting your AWS environment from potential threats, ensuring the confidentiality, integrity, and availability of your data and resources for your business needs. AWS provides a range of governance and security services such as AWS Organizations, AWS Control Tower, and AWS Config along with many others, […]

Introduction The integration of Generative AI into cloud governance transforms AWS account management into a more automated and efficient process. Leveraging the generative AI capabilities of Amazon Bedrock alongside tools such as AWS Control Tower and Account Factory for Terraform (AFT), organizations can now expedite the AWS account setup and management process, aligning with best […]

Independent software vendors (ISVs) are AWS Partners who build products or services using AWS. Their workloads are typically diverse and require a flexible and customizable multi-account setup. Following are some examples: Backoffice workloads, which tend be deployed once and are then regularly updated, typically relying on commercial off-the-shelf software. Presales workloads, which are short lived […]

Introduction Many of my customers use AWS CloudFormation to streamline provisioning operations for AWS and third-party resources, that they describe with code in JSON- or YAML-formatted CloudFormation templates. Some workloads require custom logic or inputs beyond standard parameter values. For these scenarios, an often overlooked and useful CloudFormation feature lies in AWS Lambda-backed custom resources. With Lambda-backed custom […]

Do you or your organization need solutions to help reach your Cloud Governance objectives as you migrate to AWS? How do you stay agile and innovate faster while staying secure?Designing and building a landing zone is a key step in the migration journey to the AWS cloud. A well-architected landing zone helps accelerate migration and […]

Using AWS Control Tower in the AWS GovCloud (US) Regions The recent announcement of AWS Control Tower achieves FedRAMP High authorization in AWS GovCloud (US) Regions reminds us that it is a good time to review how to implement a well-architected multi-account strategy. This helps customers quickly build a baseline multi-account environment while having access […]

Many Amazon Web Services (AWS) customers struggle to keep cloud costs under control while allowing employees to innovate and develop their AWS skills. We talk to technology leaders every day who rank controlling cloud spend among their top concerns. Those same leaders don’t want to stifle innovation or restrict employee’s ability to learn AWS. Using […]