AWS Control Tower was announced during re:Invent 2018. The Control Tower simplifies setting up and governing a secure, compliant multi-account environment. Customers will be able to quickly set-up and configure their AWS environment with best practice blueprints and guardrails and get visibility into their AWS environment through a dashboard.
Multi-account architecture has gained popularity in recent years, but many customers failed to implement an automated solution that follows the best practices. Control Tower aims to alleviate the problems associated with managing multiple AWS accounts by automating the set-up of a baseline environment, which uses core services like Config, Cloudtrail and GuardDuty.
Control Tower also provides you with an integrated dashboard so you can see a top-level summary of your AWS environment. You can view details on the provisioned accounts and the compliance status of those accounts. It is expected that this dashboard will also make configuration and policy management easier.
In our previous post, we wrote about the Landing Zone solution, which is an opinionated framework to set up a secure, multi-account AWS environment based on AWS best practices. The Control Tower aims to eliminate the management of the technical stack that the Landing Zone solution is built on and minimize the need to manually configure the environment. You no longer need to maintain a CodePipeline pipeline, step functions and an account vending machine. All these resources will be abstracted, and your environment will be configured via the Control Tower dashboard.
All this sounds good, but when Control Tower will be available? At the moment, this service is still under development and it is not recommended for production environments. If you need to implement a production-grade multi-account architecture as soon as possible, it is better to invest in the Landing Zone solution. AWS will come up with a migration plan for existing Landing Zone users when the service becomes publicly available.
We are going to share our initial impressions with you when we get access to limited preview version of AWS Control Tower.