AWS Announces General Availability of AWS Control Tower

Amazon Web Services Inc. announced the general availability of AWS Control Tower, a service that makes it easy for customers to set up and continuously govern secure, compliant multi-account AWS environments. AWS Control Tower gives customers an automated landing zone – a pre-configured environment built according to AWS best-practices – as well as a pre-packaged set of guardrails – clearly defined rules for security, operations, and compliance – that provide ongoing governance. Customers can use AWS Control Tower to deploy their new multi-account environment with just a few clicks in the AWS Management Console. There are no additional charges or upfront commitments required to use AWS Control Tower, and customers pay only for AWS services enabled in order to set up their landing zone and operate their guardrails. To get started with AWS Control Tower, visit: https://aws.amazon.com/controltower.

Organizations migrating to AWS often need to manage a large number of accounts across distributed teams. AWS’s existing management and governance services, such as AWS Organizations and AWS Config, give customers granular control over their environments, but many organizations also want more prescriptive guidance and help setting up a secure environment spanning many accounts. Customers also want to ensure that they’re using all the right tools and that they understand how those tools can create and enforce central policies for their teams to deploy workloads in a secure and compliant way. And of course they want to do all of this without sacrificing the speed, agility, and fine-grained control that AWS provides.

AWS Control Tower addresses these challenges by enabling central cloud teams to automatically deploy a single landing zone where their teams can provision accounts and workloads according to industry and AWS standards for identity, federated access, and account structure. The landing zone employs best-practices blueprints, such as configuring a multi-account structure using AWS Organizations, managing user identities and federated access with AWS Single Sign-On, provisioning accounts using an account factory through AWS Service Catalog, centralizing a log archive using AWS CloudTrail and AWS Config, and much more. AWS Control Tower offers a curated set of guardrails which are based on AWS best practices and common customer policies for governance. Guardrails establish a configuration baseline, prevent the deployment of resources that don’t conform to these policies, and continuously monitor deployed resources for non-conformance. The landing zone features a standard set of default guardrails, and customers can enforce more granular governance by applying recommended guardrails to groups of accounts at any time. Guardrails for an organization remain in effect as new accounts are created or existing accounts change. All of this can be easily managed and monitored through the AWS Control Tower dashboard, providing customers with centralized visibility into their AWS environment, including information about accounts provisioned, guardrails enabled, and the guardrail compliance status of accounts.

“One of the most common reasons customers tell us that they choose AWS is that it allows their teams to build and innovate more quickly. The speed, fine-grained control, and autonomy provided by AWS are crucial benefits, but customers also want a simple, automated, and centralized way to ensure all of that distributed work is being done securely and in accordance with their policies,” said Dave McCann, VP of Marketplace and Migration, AWS. “Not only does AWS Control Tower make deploying a multi-account environment and establishing governance controls as easy as selecting items from a menu, it also gives customers a roadmap for how to get it right based upon AWS’s experience helping thousands of enterprise customers create secure and compliant cloud environments.”

AWS Control Tower is available today in US East (N Virginia), US East (Ohio), US West (Oregon), and EU (Ireland) with additional regions coming soon.