AWS Control Tower

What is AWS Control Tower?

You are up and running in the AWS cloud. You've done multiple PoCs, and you have a number of workloads using S3, EC2 and multiple RDS databases. So far so good! But now your team is recommending creation of a Redshift data lake and switching some of your applications over to use serverless AWS Lambdas. But you have some concerns:

  • Is your spend optimized?
  • Are your instances and data fully secured?
  • Do you have the right authentication mechanisms in place?

Moving from proof of concept to AWS operational excellence is a key inflection point for every cloud-enabled organization, and it's not solved by simply throwing more money at things.

When it comes to pulling it all together, an audit is the first step. Be sure to do a comprehensive audit of your systems. If you are wondering where to start, you can use this template:

Cloud Server Audit Template

Server Cloud Migration Audit Template.xlsx (.zip)

AWS Control Tower

Once you have a map of your systems, AWS Control Tower is a great organizational tool. It is an Amazon Web Services (AWS) service that provides a centralized way to set up and govern secure, compliant multi-account AWS environments, and it is designed to simplify creating and managing multiple AWS accounts. Specifically, it helps tie together multiple AWS accounts with the following services:

  • AWS Organizations - financial constraints
  • AWS Single Sign-On (SSO) - user management
  • AWS Service Catalog
  • AWS Config
  • AWS CloudTrail - AWS API logging

Tied together, these products provide a comprehensive way of getting your company to AWS operational excellence before you expand the pantheon of services or move from proofs of concept to production environments at scale.

    AWS Control Tower Diagram

    What are the benefits of AWS Control Tower?

    1. Centralized Governance
    2. AWS Control Tower Templates
    3. Centralized Reporting

    Centralized Governance

    One of the key benefits of AWS Control Tower is its ability to enforce governance policies across all AWS accounts within an organization. This is achieved through the use of guardrails, which are predefined rules that are applied to all accounts within a managed environment. Guardrails help ensure that all accounts are configured to meet regulatory and compliance requirements, as well as best practices for security and resource optimization.
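
How a preventive guardrail behaves across accounts, as an added example (not code from the original post or from AWS). Control Tower implements preventive guardrails as service control policies; the deny statement, the role name `ExampleGovernanceRole`, the account IDs and the `evaluate`/`audit` helpers below are constructed for illustration, and only the Action and ArnNotLike parts of the statement are modelled.

```python
from fnmatch import fnmatchcase

# Constructed SCP-style guardrail (assumption, not Control Tower's own policy):
# deny tampering with CloudTrail unless the caller is an exempt governance role.
GUARDRAIL = {
    "Effect": "Deny",
    "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail"],
    "Resource": "*",  # not evaluated in this simplified model
    "Condition": {"ArnNotLike": {
        "aws:PrincipalARN": "arn:aws:iam::*:role/ExampleGovernanceRole"}},
}

# Constructed requests from three member accounts.
REQUESTS = [
    {"principal": "arn:aws:iam::111111111111:role/Developer",
     "action": "cloudtrail:StopLogging"},
    {"principal": "arn:aws:iam::222222222222:role/ExampleGovernanceRole",
     "action": "cloudtrail:StopLogging"},
    {"principal": "arn:aws:iam::333333333333:user/admin",
     "action": "cloudtrail:deletetrail"},
    {"principal": "arn:aws:iam::111111111111:role/Developer",
     "action": "s3:GetObject"},
]


def evaluate(statement, request):
    """Return 'Deny' on an explicit deny, else 'NotDenied'.

    'NotDenied' is not an allow: the account's own IAM policies still decide.
    """
    # Action names are matched case-insensitively, with '*' and '?' wildcards.
    action = request["action"].lower()
    if not any(fnmatchcase(action, a.lower()) for a in statement["Action"]):
        return "NotDenied"
    exempt = statement.get("Condition", {}).get("ArnNotLike", {}).get("aws:PrincipalARN")
    # ArnNotLike is false for a matching principal, so the deny does not apply.
    if exempt and fnmatchcase(request["principal"], exempt):
        return "NotDenied"
    return "Deny"


def audit(requests, statement=GUARDRAIL):
    """Evaluate the same guardrail against requests from every account."""
    return [(r["principal"], r["action"], evaluate(statement, r)) for r in requests]


if __name__ == "__main__":
    for principal, action, decision in audit(REQUESTS):
        print(f"{decision:10} {action:26} {principal}")
```

The same statement yields the same decision in every account, which is the point of applying a guardrail centrally rather than per account.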

    AWS Control Tower Templates

    AWS Control Tower also provides a range of pre-configured templates, which can be used to quickly set up new accounts with the necessary resources and configurations. These templates can be customized to meet specific organizational requirements, and can be used to create standardized account configurations across an organization.

    Centralized Reporting

    In addition to these features, AWS Control Tower also provides detailed visibility into account usage and compliance through a centralized dashboard. This allows organizations to monitor and track usage patterns, detect potential security threats, and ensure compliance with regulatory requirements.

    What else is needed?

    The main thing required to get your AWS house in order is time and attention. It can be very helpful to walk through the audit and planning with a third-party consultant, but ultimately the buck starts and stops with IT leadership. Successful PoCs on AWS are great, but they should be followed with organization and strategy sessions before things get out of hand.

    Date posted: April 4, 2023


    About the Author

    Joaquin Lippincott, CEO

    Joaquin is a 20+ year technology veteran helping to lead businesses in the move to the Cloud. He frequently speaks on panels about the future of tech ranging from IoT and Machine Learning to the latest innovation in the entertainment industry.  He has helped to modernize software for industry leaders like Sony, Daimler, Intel, the Golden Globes, Siemens Wind Power, ABC, NBC, DC Comics, Warner Brothers & the Linux Foundation.

    As the CEO and Founder of Metal Toad, an AWS Advanced Consulting Partner, his primary job is to "get the right people in the room".  This one responsibility is cross-functional and includes both external business development functions as well as internal delegation and leadership development.

    A UCLA alumnus, he also serves in the community as a Board Member for the Los Angeles Area Chamber of Commerce, the Beverly Hills Chamber of Commerce, and Stand for Children Oregon - a public education political advocacy group. As an outspoken advocate for entry-level job creation in tech he helped found the non-profit, P4TH, an organization dedicated to increasing the number of entry-level jobs in the tech industry, and is in the process of organizing an Advisory Board for the Bixel Exchange, a Los Angeles non-profit that provides almost 200 tech internships every year.

