Abstract image of a woman sitting on books and studying on a laptop

AWS Control Tower

Jackson dos Santos Olveira, profile picture
Jackson dos Santos Olveira

AWS Control Tower allows organizations to govern and orchestrate multi-account environments in AWS. It enforces global rules and compliance across accounts through centralized guardrails and blueprints. Changes can be applied from a single place to multiple accounts, automating processes like account creation at scale. Landing zones define the configuration for other accounts in a customizable and centralized manner.

Technology
1 of 11
Download to read offline
1
2
3
4
Most read
5
Most read
6
7
Most read
8
9
10
11
Govern and orchestrate multi-account environments AWS Control Tower Jackson Oliveira @cyberjso
The multiple accounts approach ➢ Isolate different workloads and allow distinct operation models ➢ Compliance and security ➢ Better cost management ➢ Speed up innovation ➢ Smaller blast radious
Organization units
Organization units - limitations ➢ Operate at scale (dozens, hundreds or thousands) ○ Hard to guarantee compliance ○ Maintenance. How to apply changed on all of them? ○ Security. Difficult to track suspicious activities ○ Cost. Dedicated engineers and teams to maintain and evolve the structure, difficult to self-serve engineers
AWS Control Tower Orchestration Organization units AWS SSO SCP Service Catalog Parameter store Cloudformation AWS Control Tower S3 VPC Config Well ARchitected Best Practices
AWS Control Tower - Main features ➢ Single view of the entire multi-account architecture ➢ Govern multiple-accounts from blueprints (landing zone) ➢ Enforces global rules (guardrails) for all accounts ➢ Apply changes from a central place ➢ Automates the account creation process at scale ➢ Customizable
AWS Control Tower - Typical setup
AWS Control Tower - Landing zone ➢ Central place where configuration for other accounts are set ➢ Resides on the master account ➢ Define what goes inside each OU/account ➢ Contains all the dashboards
AWS Control Tower
AWS Control Tower - Takeaways ➢ Existent accounts can be added into the structure after the initial setup. ➢ For small environments can be an overkill ➢ Can be customizable via terraform ➢ Errors can be hard to track sometimes ➢ Once defined, master account cannot be changed ➢ Not recommended for envs that requires too much customizations ➢ Errors are hard to troubleshoot sometimes
Govern and orchestrate multi-account environments AWS Control Tower Jackson Oliveira @cyberjso Thank you!

More Related Content

PPTX
AWS Landing Zone - Architecting Security and Governance.pptx
Akesh Patil
 
PDF
Steven Seaney - Simplifying and Streamlining AWS Control Tower Deployments
AWS Chicago
 
PDF
Steven Seaney - Simplifying and Streamlining AWS Control Tower Deployments
AWS Chicago
 
PPTX
Ghost Environment
PratipD
 
PPTX
Governance Automation in AWS (30 March 2022, ICC - Sydney)
Gerald Bachlmayr
 
PPTX
Infrastructure Provisioning & Automation For Large Enterprises
Tensult
 
PPTX
Intigua review aws integration
Scott Dainty
 
PDF
Interop ITX: Moving applications: From Legacy to Cloud-to-Cloud
Susan Wu
 
AWS Landing Zone - Architecting Security and Governance.pptx
Akesh Patil
 
Steven Seaney - Simplifying and Streamlining AWS Control Tower Deployments
AWS Chicago
 
Steven Seaney - Simplifying and Streamlining AWS Control Tower Deployments
AWS Chicago
 
Ghost Environment
PratipD
 
Governance Automation in AWS (30 March 2022, ICC - Sydney)
Gerald Bachlmayr
 
Infrastructure Provisioning & Automation For Large Enterprises
Tensult
 
Intigua review aws integration
Scott Dainty
 
Interop ITX: Moving applications: From Legacy to Cloud-to-Cloud
Susan Wu
 

Similar to AWS Control Tower (18)

PDF
Secure Cloud governance - AWS landing zone
Tushar Gupta
 
PPTX
Aws disaster recovery
Bipeen Sinha
 
PPTX
CloudStackFinalProject
Gustavo El Khoury
 
PPTX
On-Prem to All-In: How Versent Leads Successful AWS Migrations
OK2OK
 
PDF
Aws organizations
Olaf Conijn
 
PPTX
AWS Solution Architect Associate Report
SHIVJIprasad2
 
PPTX
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
AWS Chicago
 
PPTX
AWS Well Architected Framework
zekeLabs Technologies
 
PPTX
ACDKOCHI19 - Journey from a traditional on-prem Datacenter to AWS: Challenges...
AWS User Group Kochi
 
PPTX
Deploying High Availability and Business Resilient R12 Applications over the ...
Sam Palani
 
PDF
AWSome day 2018 - scalability and cost optimization with container services
Corley S.r.l.
 
PPTX
Weaveworks at AWS re:Invent 2016: Operations Management with Amazon ECS
Weaveworks
 
PPTX
How to Build a Multi-DC Cassandra Cluster in AWS with OpsCenter LCM
Anant Corporation
 
PDF
Segurança de Ponta a Ponta na AWS
Alexandre Santos
 
PPTX
Hack proof your aws cloud cloudcheckr_040416
Jarrett Plante
 
PDF
OpenStack- A ringside view of Services and Architecture
Ritesh Somani
 
PPTX
Aws disaster recovery
Bipeen Sinha
 
PPTX
Hackproof Your Cloud: Responding to 2016 Threats
CloudCheckr
 
Secure Cloud governance - AWS landing zone
Tushar Gupta
 
Aws disaster recovery
Bipeen Sinha
 
CloudStackFinalProject
Gustavo El Khoury
 
On-Prem to All-In: How Versent Leads Successful AWS Migrations
OK2OK
 
Aws organizations
Olaf Conijn
 
AWS Solution Architect Associate Report
SHIVJIprasad2
 
Steve Seaney_AWS Control Tower - 2023 Midwest Community Day - Final.pptx
AWS Chicago
 
AWS Well Architected Framework
zekeLabs Technologies
 
ACDKOCHI19 - Journey from a traditional on-prem Datacenter to AWS: Challenges...
AWS User Group Kochi
 
Deploying High Availability and Business Resilient R12 Applications over the ...
Sam Palani
 
AWSome day 2018 - scalability and cost optimization with container services
Corley S.r.l.
 
Weaveworks at AWS re:Invent 2016: Operations Management with Amazon ECS
Weaveworks
 
How to Build a Multi-DC Cassandra Cluster in AWS with OpsCenter LCM
Anant Corporation
 
Segurança de Ponta a Ponta na AWS
Alexandre Santos
 
Hack proof your aws cloud cloudcheckr_040416
Jarrett Plante
 
OpenStack- A ringside view of Services and Architecture
Ritesh Somani
 
Aws disaster recovery
Bipeen Sinha
 
Hackproof Your Cloud: Responding to 2016 Threats
CloudCheckr
 
Ad

More from Jackson dos Santos Olveira (20)

PDF
Netty training
Jackson dos Santos Olveira
 
PDF
An introduction to predictionIO
Jackson dos Santos Olveira
 
PDF
Introduction to HashiCorp Consul
Jackson dos Santos Olveira
 
PDF
Apache mahout - introduction
Jackson dos Santos Olveira
 
PDF
Managing computational resources with Apache Mesos
Jackson dos Santos Olveira
 
PDF
Introduction to CFEngine
Jackson dos Santos Olveira
 
PDF
DBC Principles
Jackson dos Santos Olveira
 
PDF
Racket
Jackson dos Santos Olveira
 
PDF
Jboss Teiid - The data you have on the place you need
Jackson dos Santos Olveira
 
PDF
Apache PIG introduction
Jackson dos Santos Olveira
 
PPSX
Jboss AS7 New Main Features
Jackson dos Santos Olveira
 
PPSX
Celery Introduction
Jackson dos Santos Olveira
 
PDF
Solid
Jackson dos Santos Olveira
 
PPS
Aurinko
Jackson dos Santos Olveira
 
PPSX
Gcontract
Jackson dos Santos Olveira
 
PDF
Ocaml
Jackson dos Santos Olveira
 
PDF
Ocaml
Jackson dos Santos Olveira
 
PPTX
Haskell
Jackson dos Santos Olveira
 
PPT
Elastic search introduction
Jackson dos Santos Olveira
 
PPT
Presentation about ClosureScript fraemework
Jackson dos Santos Olveira
 
Netty training
Jackson dos Santos Olveira
 
An introduction to predictionIO
Jackson dos Santos Olveira
 
Introduction to HashiCorp Consul
Jackson dos Santos Olveira
 
Apache mahout - introduction
Jackson dos Santos Olveira
 
Managing computational resources with Apache Mesos
Jackson dos Santos Olveira
 
Introduction to CFEngine
Jackson dos Santos Olveira
 
DBC Principles
Jackson dos Santos Olveira
 
Racket
Jackson dos Santos Olveira
 
Jboss Teiid - The data you have on the place you need
Jackson dos Santos Olveira
 
Apache PIG introduction
Jackson dos Santos Olveira
 
Jboss AS7 New Main Features
Jackson dos Santos Olveira
 
Celery Introduction
Jackson dos Santos Olveira
 
Solid
Jackson dos Santos Olveira
 
Aurinko
Jackson dos Santos Olveira
 
Gcontract
Jackson dos Santos Olveira
 
Ocaml
Jackson dos Santos Olveira
 
Ocaml
Jackson dos Santos Olveira
 
Haskell
Jackson dos Santos Olveira
 
Elastic search introduction
Jackson dos Santos Olveira
 
Presentation about ClosureScript fraemework
Jackson dos Santos Olveira
 
Ad

Recently uploaded (20)

PDF
INTERSPEECH 2025 「Recent Advances and Future Directions in Voice Conversion」
NU_I_TODALAB
 
PDF
SaaS reusability assessment using machine learning techniques
IAESIJAI
 
PPTX
AI-driven Assurance Across Your End-to-end Network With ThousandEyes
ThousandEyes
 
PPTX
Microsoft User Copilot Training Slide Deck
zohoron1
 
PDF
The-2025-Engineering-Revolution-AI-Quality-and-DevOps-Convergence.pdf
Kalilur Rahman
 
DOCX
Basics of Cloud Computing - Cloud Ecosystem
suthak11
 
PDF
Early detection and classification of bone marrow changes in lumbar vertebrae...
IAESIJAI
 
PPTX
SGT Report The Beast Plan and Cyberphysical Systems of Control
hopegirl587
 
PDF
Transform-Quality-Engineering-with-AI-A-60-Day-Blueprint-for-Digital-Success.pdf
Kalilur Rahman
 
PPT
Galois Field Theory of Risk: A Perspective, Protocol, and Mathematical Backgr...
Melanie Swan
 
PPTX
Configure Apache Mutual Authentication
Antonino Piraino
 
PPTX
future_of_ai_comprehensive_20250822032121.pptx
forrandomuse090
 
PPTX
Internet of Everything -Basic concepts details
sendilkumar66
 
PPTX
GROUP4NURSINGINFORMATICSREPORT-2 PRESENTATION
ClarisejaneSartillo1
 
PDF
Improvisation in detection of pomegranate leaf disease using transfer learni...
IAESIJAI
 
PDF
Rapid Prototyping: A lecture on prototyping techniques for interface design
Mark Billinghurst
 
PDF
Statistics on Ai - sourced from AIPRM.pdf
AmelynLeeMeira
 
PDF
giants, standing on the shoulders of - by Daniel Stenberg
Daniel Stenberg
 
PDF
sbt 2.0: go big (Scala Days 2025 edition)
Eugene Yokota
 
PDF
Aug23rd - Mulesoft Community Workshop - Hyd, India.pdf
Ravi Tamada
 
INTERSPEECH 2025 「Recent Advances and Future Directions in Voice Conversion」
NU_I_TODALAB
 
SaaS reusability assessment using machine learning techniques
IAESIJAI
 
AI-driven Assurance Across Your End-to-end Network With ThousandEyes
ThousandEyes
 
Microsoft User Copilot Training Slide Deck
zohoron1
 
The-2025-Engineering-Revolution-AI-Quality-and-DevOps-Convergence.pdf
Kalilur Rahman
 
Basics of Cloud Computing - Cloud Ecosystem
suthak11
 
Early detection and classification of bone marrow changes in lumbar vertebrae...
IAESIJAI
 
SGT Report The Beast Plan and Cyberphysical Systems of Control
hopegirl587
 
Transform-Quality-Engineering-with-AI-A-60-Day-Blueprint-for-Digital-Success.pdf
Kalilur Rahman
 
Galois Field Theory of Risk: A Perspective, Protocol, and Mathematical Backgr...
Melanie Swan
 
Configure Apache Mutual Authentication
Antonino Piraino
 
future_of_ai_comprehensive_20250822032121.pptx
forrandomuse090
 
Internet of Everything -Basic concepts details
sendilkumar66
 
GROUP4NURSINGINFORMATICSREPORT-2 PRESENTATION
ClarisejaneSartillo1
 
Improvisation in detection of pomegranate leaf disease using transfer learni...
IAESIJAI
 
Rapid Prototyping: A lecture on prototyping techniques for interface design
Mark Billinghurst
 
Statistics on Ai - sourced from AIPRM.pdf
AmelynLeeMeira
 
giants, standing on the shoulders of - by Daniel Stenberg
Daniel Stenberg
 
sbt 2.0: go big (Scala Days 2025 edition)
Eugene Yokota
 
Aug23rd - Mulesoft Community Workshop - Hyd, India.pdf
Ravi Tamada
 

AWS Control Tower

  • 1. Govern and orchestrate multi-account environments AWS Control Tower Jackson Oliveira @cyberjso
  • 2. The multiple accounts approach ➢ Isolate different workloads and allow distinct operation models ➢ Compliance and security ➢ Better cost management ➢ Speed up innovation ➢ Smaller blast radious
  • 4. Organization units - limitations ➢ Operate at scale (dozens, hundreds or thousands) ○ Hard to guarantee compliance ○ Maintenance. How to apply changed on all of them? ○ Security. Difficult to track suspicious activities ○ Cost. Dedicated engineers and teams to maintain and evolve the structure, difficult to self-serve engineers
  • 5. AWS Control Tower Orchestration Organization units AWS SSO SCP Service Catalog Parameter store Cloudformation AWS Control Tower S3 VPC Config Well ARchitected Best Practices
  • 6. AWS Control Tower - Main features ➢ Single view of the entire multi-account architecture ➢ Govern multiple-accounts from blueprints (landing zone) ➢ Enforces global rules (guardrails) for all accounts ➢ Apply changes from a central place ➢ Automates the account creation process at scale ➢ Customizable
  • 7. AWS Control Tower - Typical setup
  • 8. AWS Control Tower - Landing zone ➢ Central place where configuration for other accounts are set ➢ Resides on the master account ➢ Define what goes inside each OU/account ➢ Contains all the dashboards
  • 10. AWS Control Tower - Takeaways ➢ Existent accounts can be added into the structure after the initial setup. ➢ For small environments can be an overkill ➢ Can be customizable via terraform ➢ Errors can be hard to track sometimes ➢ Once defined, master account cannot be changed ➢ Not recommended for envs that requires too much customizations ➢ Errors are hard to troubleshoot sometimes
  • 11. Govern and orchestrate multi-account environments AWS Control Tower Jackson Oliveira @cyberjso Thank you!