BT

InfoQ Homepage News Amazon Releases the Multi-Account Management Service AWS Control Tower to General Availability

Amazon Releases the Multi-Account Management Service AWS Control Tower to General Availability

This item in japanese

Bookmarks

Recently, Amazon announced the general availability of AWS Control Tower, a service that automates the process of setting up a new baseline multi-account AWS environment that is secure, and well-architected. With AWS Control Tower, cloud administrators can consistently set-up security and compliance for multi-account AWS environments.

During the AWS re:Inforce event in Boston last month, Amazon unveiled both AWS Control Tower and Security Hub as new tooling for organizations to streamline their process of configuring and locking down AWS environments and accounts. Moreover, Amazon has incorporated their knowledge throughout thousands of successful customer engagements and recommendations found in their Whitepapers, documentation, the Well-Architected Framework, and training in the service.

Rich Mogull, CEO of Securosis, said in a duo.com security news article:

Control Tower is basically a template for an entire enterprise deployment and management of a full, multi-account environment with all key security controls pre-configured.

With Control Tower, a cloud administrator is provided with a tool that automates various tasks involving the initial setup of a new AWS environment, such as identity and access management, centralized logging, and security audits across accounts. Furthermore, the service consists of several components, including:

  • Landing Zone - the multi-account AWS environment the tool sets up
  • Blueprints - design patterns used to establish the Landing Zone
  • A set of default policy controls known as Guardrails
  • The Environment – an AWS account with all of the attendant resources set up to run an application.


Source: https://aws.amazon.com/controltower/

Companies running larger AWS environments with lots of moving parts can especially benefit from Control Tower – for instance, it only takes one unprotected administrator account or misconfigured storage repository for data to be exposed. 

Dave McCann, VP of Marketplace and Migration, AWS, said in a BusinessWire article:

Not only does AWS Control Tower make deploying a multi-account environment and establishing governance controls as easy as selecting items from a menu, but it also gives customers a roadmap for how to get it right based upon AWS’s experience helping thousands of enterprise customers create secure and compliant cloud environments.

AWS Control Tower is currently available in the US East (Virginia), US East (Ohio), US West (Oregon), and EU (Ireland) regions, with additional regions coming soon. Customers can use AWS Control Tower free of charge, and they only pay for AWS services set up by it – pricing examples are available on the pricing page.

Rate this Article

Adoption
Style

Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Community comments

  • Clarification

    by Michael Holzer /

    Your message is awaiting moderation. Thank you for participating in the discussion.

    Hi,
    I'm confused by the claim 'the Environment – an AWS account with all of the attendant resources set up to run an application.' specifically the part 'all of the attendant resources set up to run an application'. In Amazon's docs I didn't find any references for this statement. Could the authoer please clarify?
    Thanks
    Michael

  • Re: Clarification

    by Steef-Jan Wiggers /

    Your message is awaiting moderation. Thank you for participating in the discussion.

    Hi,

    What it means is an AWS account and the resources within it, configured to run an application. Users make requests (via Service Catalog) for new environments and Control Tower uses automated workflows to provision them - see also the blog: aws.amazon.com/blogs/aws/aws-control-tower-set-...

    Steef-Jan

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

BT

Is your profile up-to-date? Please take a moment to review and update.

Note: If updating/changing your email, a validation request will be sent

Company name:
Company role:
Company size:
Country/Zone:
State/Province/Region:
You will be sent an email to validate the new email address. This pop-up will close itself in a few moments.