Overview
What is AWS Control Tower?
The vendor presents AWS Control Tower as the easiest way to set up and govern a new, secure multi-account AWS environment. With AWS Control Tower, builders can provision new AWS accounts in a few clicks, while knowing new accounts conform…
Control tower is a must for separation of concerns
AWS Control Tower makes multi-account AWS management easy
AWS Control Tower: an AWS Framework that might be more than you need
Reviewer Pros & Cons
Pricing
What is AWS Control Tower?
The vendor presents AWS Control Tower as the easiest way to set up and govern a new, secure multi-account AWS environment. With AWS Control Tower, builders can provision new AWS accounts in a few clicks, while knowing new accounts conform to company-wide policies.
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Would you like us to let the vendor know that you want pricing?
3 people also want pricing
Alternatives Pricing
What is AlienVault USM?
AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments,…
What is Cisco Duo?
Cisco Duo is a two-factor authentication system (2FA), acquired by Cisco in October 2018. It provides single sign-on (SSO) and endpoint visibility, as well as access controls and policy controlled adaptive authentication.
Product Demos
AWS Control Tower set up demo (English).
AWS Control Tower Account Factory (English)
AWS Control Tower Tutorial / Deep Dive / Demo - Implement AWS Landing zone using AWS Control Tower
Product Details
- About
- Tech Details
What is AWS Control Tower?
AWS Control Tower Technical Details
Operating Systems | Unspecified |
---|---|
Mobile Application | No |
Comparisons
Compare with
Reviews and Ratings
(10)Attribute Ratings
Reviews
(1-4 of 4)AWS Control Tower in multi AWS account scenarios
- AWS Control Tower integrates with AWS Organizations
- AWS Control Tower provides Account Factory to provision preconfigured AWS accounts
- AWS Control Tower helps to isolate workloads and billing via AWS accounts separation
- AWS Control Tower supports data residency controls out of the box
- AWS Control Tower supports post provisioning actions to newly provisioned AWS accounts: for example it can trigger enabling VPC flow logs in the new account
- If possible it would be nice to see an automated option to close AWS accounts created with the Account Factory
- Multi account support
- Integration with various services - Cloud formation / stack/stackset concepts
- SSO integration
- Preconfiguration of newly created accounts
- Provisioning new AWS accounts without need to use credit card for each of the new accounts - all works on a credit card used to set up the master account.
- It helped to separate billing for dev/prod/uat workloads, making it easier to control how much developers are spending.
- Scalability
- Integration with Other Systems
- Ease of Use
- Provisioning of new AWS accounts that are preconfigured
- Applying data residency controls within a single click
- Managing user access
- Closing AWS accounts automatically is impossible
- The service catalog integration is little bit complex
- AWS SSO
- AWS Security Hub
- AWS GuardDuty
- Lots of AWS services integrates well with the Control Tower
- Single Signon
- Easily create new AWS accounts.
- Easily secure and manage AWS accounts.
- Landing zone with SSO is a huge win for larger teams.
- Can be slow at times to reflect changes.
- The GUI in the console is not always the most user-friendly and errors can be non-descript.
- Cannot change some key info about an account from AWS Control Tower once it's provisioned.
- Security
- Central logging
- SSO support
- Less time manually deploying accounts which was error prone.
- Central logging allowed us to have 1 place to view logs.
- Guardrails make securing accounts easy and quick.
- AWS SSO allows us a central point for controlling users and groups across each account.
- Centralized logging serves as a single point to monitor each environment.
- Landing zones allow us to apply templates for each account and customize each one from a central point as well.
- The AWS SSO GUI is not very intuitive and determining how to apply policies to users without creating redundant logins has been a challenge.
- The default guardrails do not fully encompass all the security checks that we needed.
- There does not appear to be any way to control roles at the IAM level from the control tower account through the GUI.
- Some features on AWS accounts still require logging into the individual account with the root user and cannot be done from AWS Control Tower.
- SSO and Federated services
- Landing Zones and guardrails
- Central logging
- AWS Control tower allowed us to drop several third-party vendors for security appliances and logging, which saved us considerable funds.
- AWS Control tower reduced the amount of time we spend deploying AWS accounts.
- AWS Control tower reduced the amount of time we have to spend on quarterly security audits.
- I like being able to see policy-level summaries of my AWS environment.
- It is great for moving quickly with minimal risk of severe blunders.
- Provisioning a new account within the purview of the Control Tower is quick and easy.
- This level of abstraction leaves you vulnerable to not knowing exactly what's been created, and that can enable you to mess things up.
- Because it provisions things on your behalf, you might end up paying for resources you don't need.
- The import process of existing accounts, which we did not end up pursuing, is tedious and manual.
- Low barrier to entry
- AWS Well Architected Framework best practices built in.
- Easy to navigate account summary of resources.
- It was ultimately a neutral impact for us as we didn't pursue it very far.
- It would not be the right fit for us given that we have the skills to roll these things on our own.
- It would have been more expensive than strictly necessary because it provisions resources you don't necessarily need.