Using AWS Control Tower, cloud administrators can set up an automated landing zone that employs best-practices blueprints such as configuring multi-account structure using AWS Organizations, managing user identities and federated access with AWS Single Sign-on, enabling account provisioning through AWS Service Catalog, and creating a centralized log archive using AWS CloudTrail and AWS Config. For ongoing governance, they can enable pre-configured guardrails – clearly defined rules for security, operations, and compliance – that prevent deployment of resources that don’t conform to policies and continuously monitor deployed resources for nonconformance. AWS Control Tower’s dashboard provides centralized visibility into their AWS environment including accounts provisioned, guardrails enabled, and the compliance status of accounts.
Administrators can set up a new multi-account environment with just a single click in the AWS Management Console. There are no additional charges or upfront commitments to use Control Tower; they pay only for AWS services enabled in order to set up a landing zone and implement selected guardrails. To get started, visit the AWS Control Tower web page.
Control Tower is available to use in the following AWS Regions: US East (Ohio), Europe (Ireland), US East (N. Virginia), and US West (Oregon).