Tag: AWS Control Tower

Many Amazon Web Services (AWS) customers struggle to keep cloud costs under control while allowing employees to innovate and develop their AWS skills. We talk to technology leaders every day who rank controlling cloud spend among their top concerns. Those same leaders don’t want to stifle innovation or restrict employee’s ability to learn AWS. Using […]

Customers can incorporate the CfnGuardValidator plugin into their AWS Cloud Development Kit (AWS CDK) application to accelerate their application development process. This acceleration stems from ensuring that the deployed resources comply with both organizational policy and AWS best practices. Without the plugin, however, ensuing policy compliance can often be an iterative process. Organizations may implement […]

Enabling effective governance in a multi-account environment and aligning with AWS best practices and common compliance frameworks can be a complex endeavor. Many customers, particularly those operating in regulated industries, face the challenge of investing time and resources in identifying risks and developing their own controls to address service relationships and dependencies. This process can […]

While working with many of our customers, a recurring question has been “How can we be notified when users login to key accounts so we can take action if needed?” This post shows how to implement a flexible, simple, and serverless solution that creates notifications when sensitive accounts are logged in to. Alerting on high […]

We are excited to announce the general availability (GA) of the integration between AWS Control Tower and AWS Security Hub. With this GA release, AWS Control Tower can detect control operations performed on the Security Hub detective controls from the Security Hub service. This includes the ability to detect if Security Hub controls enabled via […]

Customers want flexibility and simpler ways to manage their AWS accounts. There are several ways customers can choose to customize their AWS account deployments at scale with flexibility such as Account Factory Customization (AFC), a native solution within AWS Control Tower account factory, or Customizations for Control Tower (CfCT), which this blog focuses on. To […]

Before customers can build, migrate and operate their workloads at scale, they must build a foundation to enable a multi-account architecture that supports the growing needs of their organization. With this foundation in place, customers can create AWS accounts to enable workload isolation within their organizations. As customers build their AWS account structure to group […]

Introduction For organizations moving to the cloud, fully embracing its benefits is not straightforward. Even with strong management buy-in and approved business cases, executional challenges are common. Do the below challenges resonate with what you are facing now in your cloud journey? No single-threaded owner of cloud initiatives, impacting velocity of decision-making Unable to effectively […]

When you are building workloads on AWS, you are encouraged to follow a multi-account strategy to isolate workloads into multiple AWS accounts. You can do this to separate your accounts based on different business units, different stages of the software development lifecycle (SDLC) or another manner that is suitable for your organization’s needs. Whichever approach […]

AWS Control Tower customers leverage infrastructure as code (IaC) to consistently deploy resources within their AWS multi-account setup. Enterprises want their developers to create and manage resources that they need to build applications while maintaining compliance with the organizations’ security, operational, and cost optimization best practices. Most solutions today inform customers about non-compliant resources only […]