control tower
Eric Odell edited this page Jan 30, 2020 · 1 revision
TL;DR: Control Tower automates the set-up and governance of secure, well-architected environments (a landing zone with shared services and well-defined development and product accounts).
It's a supported service and the easiest way to set up and govern AWS at scale. Specifically it provides:
- identity management
- federated access to accounts
- centralized logging
- cross-account security audits
- workflows for provisioning accounts
- account baselines with network configurations
- guardrails - strongly recommended service control policies (SCPs)
- policy violation detection using AWS Config rules - rules remain in effect as new accounts are created and are also applied to existing accounts
- summary report of how accounts conform to our enabled policies
- policy-level summaries of our AWS environment
- provisioned accounts details
- guardrails enabled across our accounts
- account compliance status