Tag: AWS Control Tower

In this blog post, we show how to customize the networking configuration in an AWS account. For example by deleting the default VPCs in all AWS Regions, using AWS Resource Access Manager to share the appropriate VPC subnets and using AWS Firewall Manager to apply security groups to VPCs in the account.

My customers have asked how to monitor their AWS environments for potential malicious activity. Many have standardized on using AWS Control Tower to implement a multi-account framework that is governed and based on known AWS best practices. They are also interested in enabling Amazon GuardDuty to supplement this with effective monitoring capabilities. This post shows […]

As many customers adopt AWS Control Tower, they have asked Raphael and me how to add additional governance policies such as the NIST Cybersecurity Framework (CSF) to their environments on top of the guardrails that AWS Control Tower provides. Customers want to enable these additional policies on the AWS Regions where AWS Control Tower is […]

In this blog post, I show you how to expand AWS Control Tower centralized logging strategy to cover Amazon VPC Flow Logs. Using this solution, you can manage VPC Flow Logs across multiple accounts with self-service automation and periodic consistency check.

Many of the customers we work with look for ways to manage compliance and gain additional insights across their AWS multi-account organization from a central location. We often begin the discussion with AWS Control Tower, as it offers the easiest way to set up and govern a multi-account AWS environment. AWS Control Tower is an […]

Curious to find solutions for managing your business on AWS? We always look at different ways to better serve our customers. One of the ways is to offer you video-based hands-on solutions addressing the common challenges faced by enterprises in managing and governing their AWS environments. Here’s a summary of videos published in AWS Management […]

Many customers that I work with are creating and provisioning new accounts using AWS Control Tower. They prefer an AWS native solution for creating their environment knowing that it will be based upon documented AWS Best Practices. As customers scale their account creation, there exists an opportunity to use additional Control Tower features to perform […]

Customers provision new accounts in AWS Control Tower whenever they are on-boarding new business units or setting up application workloads. In some cases, organizations also want their cloud users, developers, and data scientists to deploy self-service standardized and secure patterns and architectures with the new account. Here are a few examples: A developer or cloud […]

Many companies that I work with would like to innovate fast in the cloud by adopting a self-service infrastructure provisioning model in a multi-account environment. However, maintaining security and governance in such a model is an organizational challenge. Without structured guardrails and baseline configuration enforcement, troubleshooting and mitigating risk can be cumbersome. AWS Control Tower […]