Amazon Web Services has launched Control Tower, a service that automates the process for customers to set up and continuously govern multi-account AWS environments.
Control Tower offers customers what AWS calls a “landing zone”, an automatically generated pre-configured multi-account AWS environment, where teams can provision accounts and workloads.
Control Tower uses “blueprints”, a set of design patterns, to set up the landing zone, and is supported by a set of “guardrails”, automated implementations of policy controls, with a focus on security, compliance, and cost management.
Guardrails can either be preventive, like blocking actions deemed as risky, or detective, like raising an alert on non-conforming actions. AWS said it is working to allow customers to set up a parallel landing zone next to an existing account, so customers can start building and using custom guardrails.
AWS said there are no additional charges or upfront commitments required to use the service, apart from the AWS resources Control Tower creates.
“One of the most common reasons customers tell us that they choose AWS is that it allows their teams to build and innovate more quickly. The speed, fine-grained control, and autonomy provided by AWS are crucial benefits, but customers also want a simple, automated, and centralized way to ensure all of that distributed work is being done securely and in accordance with their policies,” AWS vice president of marketplace and migration Dave McCann said.
“Not only does AWS Control Tower make deploying a multi-account environment and establishing governance controls as easy as selecting items from a menu, it also gives customers a roadmap for how to get it right based upon AWS’s experience helping thousands of enterprise customers create secure and compliant cloud environments.”
AWS Control Tower is not yet available in Australia, with three US regions and its EU (Ireland) region going live today, but AWS said additional regions are coming soon.
-1.jpg&w=100&c=1&s=0)
.png&w=100&c=1&s=0)
