Category: AWS Control Tower

As many customers adopt AWS Control Tower, they have asked Raphael and me how to add additional governance policies such as the NIST Cybersecurity Framework (CSF) to their environments on top of the guardrails that AWS Control Tower provides. Customers want to enable these additional policies on the AWS Regions where AWS Control Tower is […]

In this post, we show how you can use Account Factory in AWS Control Tower to provision new accounts that are ready for your teams to use. We demonstrate how you can use AWS Control Tower lifecycle events to automatically request regional service quota limit increases and enrollment in AWS Enterprise Support using the respective […]

In this blog post, I show you how to expand AWS Control Tower centralized logging strategy to cover HAQM VPC Flow Logs. Using this solution, you can manage VPC Flow Logs across multiple accounts with self-service automation and periodic consistency check.

Last updated 24 Feb 2022 to support submission of 300+ account entries per each deployment. Last updated 17 Nov 2021 to handle the changes to Account Factory inputs parameters with Nested OU support. Last updated 25 JUL 2021 to pass account details from local S3 bucket. Many customers that we work with are creating and […]

Many of the customers we work with look for ways to manage compliance and gain additional insights across their AWS multi-account organization from a central location. We often begin the discussion with AWS Control Tower, as it offers the easiest way to set up and govern a multi-account AWS environment. AWS Control Tower is an […]

Introduction Many of the customers that we have worked with are using advanced network architectures in AWS for multi-VPC and multi-account architectures. Placing workloads into separate HAQM Virtual Private Clouds (VPCs) has several advantages, chief among them isolating sensitive workloads and allowing teams to innovate without fear of impacting other systems. Many companies are taking […]

June 22, 2021: We’ve updated this post to reference the recently published Management & Governance Lens, an extension of the AWS Well-Architected Framework. When speaking with the business and technology leaders I work with, they express the need to bring new products and services to market quickly. They must also stay secure while doing so. […]

Many customers that I work with are creating and provisioning new accounts using AWS Control Tower. They prefer an AWS native solution for creating their environment knowing that it will be based upon documented AWS Best Practices. As customers scale their account creation, there exists an opportunity to use additional Control Tower features to perform […]

Customers provision new accounts in AWS Control Tower whenever they are on-boarding new business units or setting up application workloads. In some cases, organizations also want their cloud users, developers, and data scientists to deploy self-service standardized and secure patterns and architectures with the new account. Here are a few examples: A developer or cloud […]

June 22, 2021: This blog post describes CloudEndure Migration. AWS Application Migration Service, the next generation of CloudEndure Migration, is now the recommended service for lift-and-shift migrations to AWS. Most of the customers we work with want to migrate their existing workloads to an AWS environment. They prefer to follow documented AWS best practices, especially […]