Using AWS Control Tower for security compliance


Mountain road with guardrails

The AWS Well-Architected Framework is built on five pillars: operational excellence, security, reliability, performance efficiency, and cost optimization. With the corresponding AWS Well-Architected Tool, cloud architects can find opportunities to improve their application infrastructure. A variety of interconnected services support this work, including AWS Control Tower.

AWS Control Tower automates the setup of a multi-account environment. It uses guardrails (implementations of controls) and blueprints (pre-configured, well-architected patterns) to automate and simplify adherence to the framework's rules. According to AWS, the service includes:

• A multi-account environment using AWS Organizations

• Identity management using AWS Single Sign-On (SSO)

• Federated access to accounts using AWS SSO

• Centralized logging from AWS CloudTrail and AWS Config, stored in Amazon S3

• Cross-account security audits using AWS IAM and AWS SSO

The guardrails feature of Control Tower is especially relevant to the security and reliability pillars, since guardrails are built both to prevent possible issues and to alert on them when they occur.
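As an added illustration (not code from the original post and not AWS Control Tower's own published policy text), the block below shows what a preventive guardrail looks like at the AWS Organizations layer: a service control policy that denies member accounts the ability to stop or delete the CloudTrail trail feeding the centralized log bucket, plus a simplified evaluator that shows the deny winning over the default allow. The policy Sid, the action list and the evaluator are assumptions for this example.

```python
import fnmatch

# Constructed illustration of a preventive guardrail: a service control policy
# (SCP) that denies member accounts the ability to switch off or alter the
# CloudTrail trail feeding the centralized log bucket. The Sid and action list
# are assumptions for this example, not AWS Control Tower's published policy.
CLOUDTRAIL_GUARDRAIL_SCP = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ProtectCentralizedCloudTrail",
            "Effect": "Deny",
            "Action": [
                "cloudtrail:DeleteTrail",
                "cloudtrail:StopLogging",
                "cloudtrail:UpdateTrail",
            ],
            "Resource": "*",
        }
    ],
}

# The default SCP AWS Organizations attaches to every account: allow everything.
FULL_AWS_ACCESS_SCP = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

def _matches(statement: dict, action: str) -> bool:
    """True if the statement's Action (string or list, wildcards allowed) covers action."""
    patterns = statement["Action"]
    if isinstance(patterns, str):
        patterns = [patterns]
    return any(fnmatch.fnmatchcase(action, p) for p in patterns)

def scp_permits(action: str, *scps: dict) -> bool:
    """Simplified SCP evaluation: an explicit Deny in any attached policy wins,
    otherwise the action needs at least one Allow. Conditions, NotAction and
    Resource ARNs are ignored; enough to show how a guardrail blocks an account."""
    statements = [s for scp in scps for s in scp["Statement"]]
    if any(s["Effect"] == "Deny" and _matches(s, action) for s in statements):
        return False
    return any(s["Effect"] == "Allow" and _matches(s, action) for s in statements)

if __name__ == "__main__":
    for api_call in ("cloudtrail:StopLogging", "cloudtrail:LookupEvents"):
        verdict = scp_permits(api_call, FULL_AWS_ACCESS_SCP, CLOUDTRAIL_GUARDRAIL_SCP)
        print(f"{api_call}: {'allowed' if verdict else 'DENIED by guardrail'}")
```

Detective guardrails work the other way round: they do not block the call, but flag the resulting state (for example, a trail that is no longer logging) after the fact.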


Guardrails in AWS Control Tower
Example of guardrails via Jeff Barr’s Control Tower instructions.

Users can enforce these as desired, but there are also recommendations in place to help prioritize what’s most important:


Guardrails in AWS Control Tower
Example of guardrails list via Jeff Barr’s Control Tower instructions.


For more information, check out the official AWS documentation.
