For an organization that plans to start using the AWS Cloud with multiple accounts and several teams working in them, cloud governance and setup can be time-consuming and complex. Without practical guidance and tooling, the initial governance and security setup of a multi-account environment is hard to get right.

For this reason, AWS launched Control Tower in June 2019. The service lets organizations create and manage multiple AWS accounts while maintaining the security and governance best practices that the Amazon Web Services team developed over more than 20 years of cloud projects and migrations.

Control Tower helps create a Landing Zone in a multi-account environment on the AWS Cloud. This Landing Zone is ideal for companies that want to start their cloud journey with new initiatives that need independent environments for development, testing and production, including experimentation accounts (data laboratories, for example) for more specialized teams such as data scientists, without sacrificing business speed and availability.

Control Tower provides high-level rules called guardrails, which come in two types: mandatory and highly recommended. Guardrails either enforce policies through Service Control Policies (SCPs) or identify violations through AWS Config rules. All of these rules are applied when new accounts are created and when the configuration of existing accounts changes.

Some of the benefits of implementing a Landing Zone with Control Tower in your organization are:

  • Environment automation with multiple AWS accounts.
  • A single location to set up a new environment.
  • Each new account uses the same set of policies.
  • Multiple accounts to allow teams to work independently.
  • Reports from AWS Control Tower on workload governance, security control policies and the health of cloud environments, among others.

If you want to understand how to run a quick project using Control Tower or want to learn more about our experiences in implementing a Landing Zone and AWS services, please contact us here.