AWS Control Tower is a governance tool that can help you design and deploy a multi-account architecture using a Landing Zone. With AWS Control Tower you can define and enforce mandatory and elective controls (known as guardrails) which are high-level rules that provide ongoing governance for your overall AWS environment. Learn how to configure elective controls for AWS Control Tower with our video.how-to-guide.
Using AWS Control Tower controls, you can ensure that your organization and AWS account follow best practices and fulfil business compliance requirements. In this how-to guide, we demonstrate how to design and enforce an elective control on a specific AWS account. Resources created that violate this control can then be identified and remediated.
In addition, we also demonstrate how you can use the IAM Identity Center (previously the Single Sign On service) to set up users and groups and grant them access to specific accounts which can be accessed via the AWS portal. Learn how to set up single sign-on users for your multi-account deployments and how to configure and deploy AWS Control Tower guardrails in this AWS how-to guide.
If you are new to AWS Control Tower and wish to learn how to setup and configure AWS Control Tower, then check out the how-to-guide here