AWS Management & Governance Blog
Tag: AWS Control Tower
AWS Control Tower Detective Guardrails as an AWS Config Conformance Pack
Many of the customers I work with would like to be able to apply AWS Control Tower’s detective guardrails to an existing AWS account before moving them to Control Tower governance. Now that you can launch AWS Control Tower in an existing AWS Organization, customers want to evaluate their existing accounts for compliance with AWS […]
Read MoreImprove governance and business agility using AWS Management and Governance videos – part 2
This blog post highlights newly published videos on the AWS Management and Governance YouTube channel that help you enable, provision, and operate your AWS environments effectively. The first part of this blog series was published last spring. The objective of these video-based, hands-on solutions is to enable you to innovate faster while maintaining control over […]
Read MoreCustomizing account configuration with AWS Control Tower lifecycle events
In this blog post, we show how to customize the networking configuration in an AWS account. For example by deleting the default VPCs in all AWS Regions, using AWS Resource Access Manager to share the appropriate VPC subnets and using AWS Firewall Manager to apply security groups to VPCs in the account.
Read MoreEnabling Amazon GuardDuty in AWS Control Tower using Delegated Administrator
My customers have asked how to monitor their AWS environments for potential malicious activity. Many have standardized on using AWS Control Tower to implement a multi-account framework that is governed and based on known AWS best practices. They are also interested in enabling Amazon GuardDuty to supplement this with effective monitoring capabilities. This post shows […]
Read MoreExtend AWS Control Tower governance using AWS Config Conformance Packs
As many customers adopt AWS Control Tower, they have asked Raphael and me how to add additional governance policies such as the NIST Cybersecurity Framework (CSF) to their environments on top of the guardrails that AWS Control Tower provides. Customers want to enable these additional policies on the AWS Regions where AWS Control Tower is […]
Read MoreVPC Flow Log automation using AWS Control Tower LifeCycle
In this blog post, I show you how to expand AWS Control Tower centralized logging strategy to cover Amazon VPC Flow Logs. Using this solution, you can manage VPC Flow Logs across multiple accounts with self-service automation and periodic consistency check.
Read MoreEnabling AWS IAM Access Analyzer on AWS Control Tower accounts
Many of the customers we work with look for ways to manage compliance and gain additional insights across their AWS multi-account organization from a central location. We often begin the discussion with AWS Control Tower, as it offers the easiest way to set up and govern a multi-account AWS environment. AWS Control Tower is an […]
Read MoreAutomating AWS Security Hub Alerts with AWS Control Tower lifecycle events
Important Update: As of 23 Nov 2020 the Security Hub service was updated to support direct integration with AWS Organizations. Please see the announcement here regarding a simplified Organization-wide integration for Security Hub and your Control Tower environment. AWS Control Tower is an AWS managed service that automates the creation of a well-architected multi-account AWS […]
Read MoreImprove governance and business agility using AWS Management and Governance videos
Curious to find solutions for managing your business on AWS? We always look at different ways to better serve our customers. One of the ways is to offer you video-based hands-on solutions addressing the common challenges faced by enterprises in managing and governing their AWS environments. Here’s a summary of videos published in AWS Management […]
Read MoreUsing lifecycle events to track AWS Control Tower actions and trigger automated workflows
Many customers that I work with are creating and provisioning new accounts using AWS Control Tower. They prefer an AWS native solution for creating their environment knowing that it will be based upon documented AWS Best Practices. As customers scale their account creation, there exists an opportunity to use additional Control Tower features to perform […]
Read More