AWS Cloud Operations Blog
Tag: AWS Control Tower
AWS Cloud Operations Kiosks at AWS re:Invent 2022
The Expo on Day 3 of AWS on Wednesday, December 1, 2021 at the Venetian Resort in Las Vegas, Nevada. For most organizations, the question isn’t “if we move to the cloud” anymore; it’s “what do we move first?” and “how soon can we be operating in the cloud?” Wherever you are in your digital […]
Use existing Logging and Security Account with AWS Control Tower
AWS Control Tower provides the easiest way for you to set up and govern your AWS environment, or landing zone, following prescriptive AWS best practices managed on your behalf. AWS Control Tower orchestrates multiple AWS services (AWS Organizations, AWS CloudFormation StackSets, Amazon Simple Storage Service (Amazon S3), AWS Single Sign-On (AWS SSO), AWS Config, AWS CloudTrail) to build a landing zone […]
AWS Control Tower releases API, pre-defined controls to your organizational units
AWS Control Tower offers a direct way to set up and govern an AWS multi-account environment following prescriptive guidance and best practices. It orchestrates the capabilities of several other AWS services, including AWS Organizations, AWS Service Catalog, and AWS IAM Identity Center (successor to AWS Single Sign-On), to build a landing zone in less than […]
Deploy and Customize AWS accounts using Account Factory for Terraform in AWS Control Tower
Customers use AWS Control Tower Account Factory to create a new AWS account or enroll existing AWS accounts in their AWS Organizations. Customers launch Account Factory from the AWS Control Tower console or via AWS Service Catalog API. We hear from customers that they want to manage their AWS accounts in the same way that […]
Customize AWS Config resource tracking in AWS Control Tower environment
[Update on Sep/21/2024] AWS Config recorder has recently provided support for periodic recording, this captures the latest configuration changes of your resources once every 24 hours, reducing the number of changes delivered. This blog has been updated to incorporate that. [Update on May/14/2024] Minor update to the services that depend on AWS Config recorder and […]
Managing AWS account lifecycle in AWS Control Tower using the Account Close API
AWS Control Tower provides the easiest way for you to set up and govern your AWS environment following prescriptive AWS best practices managed on your behalf. AWS Control Tower orchestrates multiple AWS services (AWS Organizations, AWS CloudFormation StackSets, Amazon Simple Storage Service (Amazon S3), AWS Single Sign-On, AWS Config, AWS CloudTrail) to build a landing […]
Strategies for consolidating AWS environments
Organizations undergoing mergers and acquisitions (M&A) are looking for ways to simplify and standardize the governance of their AWS cloud environments. M&As can become complex as different IT departments between the acquirer and the acquiree attempt to merge and operate as a single entity. Customers are increasingly using multiple accounts within an organization built and […]
Service Notice – Upcoming changes required for AWS Config
On July 5, 2022, the AWS managed policy AWSConfigRole will be deprecated. This policy is being replaced by a more scoped-down policy, AWS_ConfigRole. The AWSConfigRole managed policy will continue working for all currently attached users, groups, and roles. However, after July 5, 2022, the AWSConfigRole managed policy can’t be attached to any new users, groups, […]
Automating AWS Security Hub Alerts with AWS Control Tower lifecycle events
Important Update: As of 23 Nov 2020 the Security Hub service was updated to support direct integration with AWS Organizations. Lifecycle events are no longer the recommended way to enable Security Hub. Please utilize Security Hub’s native integration with AWS Organizations. You can also refer to this blog, which walks through how to enable GuardDuty […]
Improve governance and business agility using AWS Management and Governance videos – part 2
This blog post highlights newly published videos on the AWS Management and Governance YouTube channel that help you enable, provision, and operate your AWS environments effectively. The first part of this blog series was published last spring. The objective of these video-based, hands-on solutions is to enable you to innovate faster while maintaining control over […]