AWS Cloud Operations Blog
Category: AWS Control Tower
Use AWS Control Tower to Simplify Governance in AWS GovCloud (US) Regions
Customers often tell us about the challenges they face managing multi-account environments in AWS GovCloud regions. Many of these customers are using AWS Control Tower to simplify their account governance and they’ve asked us to extend the same benefits to AWS GovCloud regions. On October 19, 2022, we announced the general availability of AWS Control […]
Use existing Logging and Security Account with AWS Control Tower
AWS Control Tower provides the easiest way for you to set up and govern your AWS environment, or landing zone, following prescriptive AWS best practices managed on your behalf. AWS Control Tower orchestrates multiple AWS services (AWS Organizations, AWS CloudFormation StackSets, Amazon Simple Storage Service (Amazon S3), AWS Single Sign-On (AWS SSO), AWS Config, AWS CloudTrail) to build a landing zone […]
AWS Control Tower releases API, pre-defined controls to your organizational units
AWS Control Tower offers a direct way to set up and govern an AWS multi-account environment following prescriptive guidance and best practices. It orchestrates the capabilities of several other AWS services, including AWS Organizations, AWS Service Catalog, and AWS IAM Identity Center (successor to AWS Single Sign-On), to build a landing zone in less than […]
Deploy and Customize AWS accounts using Account Factory for Terraform in AWS Control Tower
Customers use AWS Control Tower Account Factory to create a new AWS account or enroll existing AWS accounts in their AWS Organizations. Customers launch Account Factory from the AWS Control Tower console or via AWS Service Catalog API. We hear from customers that they want to manage their AWS accounts in the same way that […]
Customize AWS Config resource tracking in AWS Control Tower environment
[Update on Sep/21/2024] AWS Config recorder has recently provided support for periodic recording, this captures the latest configuration changes of your resources once every 24 hours, reducing the number of changes delivered. This blog has been updated to incorporate that. [Update on May/14/2024] Minor update to the services that depend on AWS Config recorder and […]
Managing AWS account lifecycle in AWS Control Tower using the Account Close API
AWS Control Tower provides the easiest way for you to set up and govern your AWS environment following prescriptive AWS best practices managed on your behalf. AWS Control Tower orchestrates multiple AWS services (AWS Organizations, AWS CloudFormation StackSets, Amazon Simple Storage Service (Amazon S3), AWS Single Sign-On, AWS Config, AWS CloudTrail) to build a landing […]
Service Notice – Upcoming changes required for AWS Config
On July 5, 2022, the AWS managed policy AWSConfigRole will be deprecated. This policy is being replaced by a more scoped-down policy, AWS_ConfigRole. The AWSConfigRole managed policy will continue working for all currently attached users, groups, and roles. However, after July 5, 2022, the AWSConfigRole managed policy can’t be attached to any new users, groups, […]
Flight Controller by Contino – A Solution built on AWS Control Tower
Today AWS customers are rapidly adopting the cloud and at a massive scale. To support this demand, customers must build a strong foundation based on AWS well-architected best practices. A well-architected landing zone is a key construct that lets you vend accounts, provision access, setup security guardrails, and build CI/CD pipelines. However, at scale, implicit […]
Integrating existing AWS CloudTrail configurations when launching AWS Control Tower
The customers that we work with often use multiple AWS accounts to meet their business needs. These multi-account environments are built based on the guidelines that AWS published. Customers have created custom mechanisms using AWS Organizations, AWS CloudTrail, and other AWS services to implement the guidelines. AWS Created the AWS Control Tower service as a […]
Supporting Data Residency Requirements by Extending AWS Control Tower Governance to Non-supported Regions
In today’s complex computing environment, organizations continually have new requirements for maintaining data. In essence, data residency is established on multiple levels, and AWS offers different features and services to support it. This post focuses on utilizing the AWS Control Tower governance model to support data residency requirements in regions where AWS Control Tower isn’t […]