Today, Amazon Web Services Inc., an Amazon.com company (NASDAQ: AMZN), announced the general availability of AWS Control Tower, a service that makes it easy for customers to set up and continuously govern secure, compliant multi-account AWS environments. AWS Control Tower gives customers an automated landing zone – a pre-configured environment built according to AWS best-practices – as well as a pre-packaged set of guardrails – clearly defined rules for security, operations, and compliance – that provide ongoing governance. Customers can use AWS Control Tower to deploy their new multi-account environment with just a few clicks in the AWS Management Console. There are no additional charges or upfront commitments required to use AWS Control Tower, and customers pay only for AWS services enabled in order to set up their landing zone and operate their guardrails. To get started with AWS Control Tower, visit: https://aws.amazon.com/controltower.
Organizations migrating to AWS often need to manage a large number of accounts across distributed teams. AWS’s existing management and governance services, such as AWS Organizations and AWS Config, give customers granular control over their environments, but many organizations also want more prescriptive guidance and help setting up a secure environment spanning many accounts. Customers also want to ensure that they’re using all the right tools and that they understand how those tools can create and enforce central policies for their teams to deploy workloads in a secure and compliant way. And of course they want to do all of this without sacrificing the speed, agility, and fine-grained control that AWS provides.
AWS Control Tower addresses these challenges by enabling central cloud teams to automatically deploy a single landing zone where their teams can provision accounts and workloads according to industry and AWS standards for identity, federated access, and account structure. The landing zone employs best-practices blueprints, such as configuring a multi-account structure using AWS Organizations, managing user identities and federated access with AWS Single Sign-On, provisioning accounts using an account factory through AWS Service Catalog, centralizing a log archive using AWS CloudTrail and AWS Config, and much more. AWS Control Tower offers a curated set of guardrails which are based on AWS best practices and common customer policies for governance. Guardrails establish a configuration baseline, prevent the deployment of resources that don’t conform to these policies, and continuously monitor deployed resources for non-conformance. The landing zone features a standard set of default guardrails, and customers can enforce more granular governance by applying recommended guardrails to groups of accounts at any time. Guardrails for an organization remain in effect as new accounts are created or existing accounts change. All of this can be easily managed and monitored through the AWS Control Tower dashboard, providing customers with centralized visibility into their AWS environment, including information about accounts provisioned, guardrails enabled, and the guardrail compliance status of accounts.
“One of the most common reasons customers tell us that they choose AWS is that it allows their teams to build and innovate more quickly. The speed, fine-grained control, and autonomy provided by AWS are crucial benefits, but customers also want a simple, automated, and centralized way to ensure all of that distributed work is being done securely and in accordance with their policies,” said Dave McCann, VP of Marketplace and Migration, AWS. “Not only does AWS Control Tower make deploying a multi-account environment and establishing governance controls as easy as selecting items from a menu, it also gives customers a roadmap for how to get it right based upon AWS’s experience helping thousands of enterprise customers create secure and compliant cloud environments.”
AWS Control Tower is available today in US East (N Virginia), US East (Ohio), US West (Oregon), and EU (Ireland) with additional regions coming soon.
The California State University system is the largest four-year public university in the United States. The organization is working to provide a cloud environment that can scale to support 500,000 students across 23 campuses in the state of California. “Getting started on AWS Control Tower was incredibly easy. Within five minutes, Control Tower began creating a best-practice accounts structure, enabling security guardrails, and establishing governance controls for us,” said Ryan Matteson, Director of Systemwide Cloud Acceleration, California State University. “What previously took us weeks of effort was completed in about an hour. We have seen how Control Tower scales up to meet our needs, and because it orchestrates AWS services, we have flexibility to build quickly based on the landing zone it creates.”
Deutsche Börse Group is an international exchange organization offering financial institutions and investors a wide range of financial market products, services and technologies, as well as state-of-the-art IT solutions all over the world. “We started using AWS Control Tower to speed up our AWS account creation. It gives us an easy way to create accounts across our organization and put in place guardrails to enforce or check for policy compliance,” said Christian Tueffers, Cloud Architect, Deutsche Börse Group. “Now our teams can quickly create accounts with pre-configured permissions to enable us to perform audit or administrative actions. Control Tower helps our teams achieve the speed and agility they need while maintaining our exacting standards of security and compliance.”
Slalom is a modern consulting firm focused on strategy, technology, and business transformation. In 29 markets and seven regional innovation hubs across the US, UK, and Canada, Slalom’s 7,000 employees move fast and do what’s right for clients. “AWS Control Tower will help centralize and consistently apply AWS best practices and provide guardrails to monitor and enforce our security and compliance policies across AWS accounts,” said Tony Rojas, President, Slalom. “We’ve been advising customers about Control Tower and are seeing a lot of excitement about the service, particularly among our larger multinational clients and those with particularly stringent compliance needs.”
With in-depth reviews of every new vehicle, shopping tips from an in-house team of experts, plus a wealth of consumer and automotive market insights, Edmunds helps millions of shoppers each month select, price, and buy a car with confidence. “We’ve always considered AWS multi-account management to be a key aspect of onboarding new teams and workloads, which means we’ve spent a lot of time and resources building custom solutions for provisioning accounts and ensuring those accounts adhere with our policies,” said Emil Ndreu, Executive Cloud Director, Edmunds. “Control Tower gives us the ability to provision accounts based on best practices and enforce compliance policies on them natively within AWS, which will make our account provisioning quicker and our governance easier.”
XebiaLabs offers release orchestration and application delivery software that provides companies with the visibility, automation and control they need to deliver software faster and with less risk. “We’ve been looking for an easy way to set up and manage a secure AWS environment, and we wanted to manage the application environments of multiple teams in one central place to maintain governance and security,” said Derek Langone, CEO, XebiaLabs. “AWS Control Tower gives us simplified management and peace of mind. Now we have one central place for policy management, enforcement, and reporting.”
About Amazon Web Services
For 13 years, Amazon Web Services has been the world’s most comprehensive and broadly adopted cloud platform. AWS offers over 165 fully featured services for compute, storage, databases, networking, analytics, robotics, machine learning and artificial intelligence (AI), Internet of Things (IoT), mobile, security, hybrid, virtual and augmented reality (VR and AR), media, and application development, deployment, and management from 66 Availability Zones (AZs) within 21 geographic regions, spanning the U.S., Australia, Brazil, Canada, China, France, Germany, Hong Kong Special Administrative Region, India, Ireland, Japan, Korea, Singapore, Sweden, and the UK. Millions of customers—including the fastest-growing startups, largest enterprises, and leading government agencies—trust AWS to power their infrastructure, become more agile, and lower costs. To learn more about AWS, visit aws.amazon.com.
Amazon is guided by four principles: customer obsession rather than competitor focus, passion for invention, commitment to operational excellence, and long-term thinking. Customer reviews, 1-Click shopping, personalized recommendations, Prime, Fulfillment by Amazon, AWS, Kindle Direct Publishing, Kindle, Fire tablets, Fire TV, Amazon Echo, and Alexa are some of the products and services pioneered by Amazon. For more information, visit amazon.com/about and follow @AmazonNews.