Using AWS Control Tower for security compliance
In the AWS Well-Architected framework, there are five pillars: operational excellence, security, reliability, performance efficiency, and cost optimization. Using the corresponding tool, cloud architects can discover opportunities for improving their application infrastructure. There are a variety of interconnected services available to accomplish this, including AWS Control Tower.
AWS Control Tower automates the setup of multi-account services. This includes the use of guardrails (implementation of controls) and blueprints (pre-configured, well-architected patterns) to automate and simplify adherence to framework rules. According to AWS, the service includes:
• A multi-account environment using AWS Organizations
• Identity management using AWS Single Sign-On (SSO)
• Federated access to accounts using AWS SSO
• Centralized logging from AWS CloudTrail and AWS Config, stored in Amazon S3
• Cross-account security audits using AWS IAM and AWS SSO
Control Tower guardrails are especially relevant to security and reliability, since they are constructed to prevent possible issues and alert on them.
Users can enforce these as desired, but there are also recommendations in place to help prioritize what’s most important:
For more information, check out the official AWS documentation.